Google directs attack at Windows

But can the search giant hit the mark with Chrome OS?

BY JOHN FONTANA

Google has positioned itself for a bold run at Microsoft’s core businesses, but industry watchers say the search giant has a long road ahead.

Google last week unveiled its Chrome OS project, an open source, Linux-based lightweight operating system for Internet-centric computing. The announcement comes on the heels of Google’s removal of the beta labels from its Google Apps services, its debut of Google Voice, and the launch of an industry-rallying campaign called “Let’s make the Web faster.”

Google is targeting Microsoft’s core businesses — the client operating system and Office — that earned the company nearly $36 billion in 2008, and Microsoft’s emerging online services strategy.

Google’s rapid fire public relations over the past two weeks wasn’t so much coincidence as it was the fact that Microsoft is set to make an online services splash this week at its annual conference of partners, a juggernaut Google may need to emulate to be successful.

In addition, Microsoft is just more than three months from delivering its next operating system — Windows 7, which includes a version for the netbook platform Google is targeting with Chrome OS. Google’s operating system won’t ship for 18 months.



Mobile Web apps growing up

Chrome OS has thrown a spotlight on a number of emerging Web technologies that promise to transform mobile application development.


‘Hidden’ IPv6 traffic poses risk

BY CAROLYN DUFFY MARSAN

IPv6 — the next-generation Internet protocol — isn’t keeping too many U.S. CIOs and network managers up worrying at night. But perhaps it should.

Experts say that most U.S. organizations have hidden IPv6 traffic running across their networks, and few network managers are equipped to see, manage or block it. Increasingly, this rogue IPv6 traffic includes attacks such as botnet command and controls.

“If you aren’t monitoring your network for IPv6 traffic, the IPv6 pathway can be used as an avenue of attack,” says Tim LeMaster, director of systems engineering for Juniper’s federal group. “What network managers don’t understand is that they can have a user running IPv6 on a host and someone could be sending malicious traffic to that host without them knowing it.”

Most U.S. network managers are blind to rogue IPv6 traffic because they don’t have IPv6-aware firewalls, intrusion-detection systems (IDS) or network management tools. Also, IPv6 traffic is being tunneled over IPv4 connections and appears to be regular IPv4 packets unless an organization has deployed security mechanisms that can inspect tunneled traffic.
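
An added example, not from the article: a Python classifier that looks inside raw IPv4 packets for two common ways IPv6 rides over IPv4, which is the inspection the paragraph above says most networks lack. It assumes IP protocol 41 encapsulation and Teredo on UDP port 3544, neither of which the article names; the function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_UDP = 17
IPPROTO_IPV6 = 41    # IPv6 carried directly in IPv4 (6in4, 6to4, ISATAP)
TEREDO_PORT = 3544   # UDP port used by Teredo servers and relays


def inner_ipv6(data):
    """Return (src, dst) if data starts with a 40-byte IPv6 header, else None."""
    if len(data) < 40 or data[0] >> 4 != 6:
        return None
    return (str(ipaddress.IPv6Address(data[8:24])),
            str(ipaddress.IPv6Address(data[24:40])))


def classify(packet):
    """Classify one raw IPv4 packet; returns (verdict, inner_addresses_or_None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("not-ipv4", None)
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return ("malformed", None)
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto, payload = packet[9], packet[ihl:]
    if frag_offset:
        # Later fragments carry no upper-layer header, so only the protocol
        # number is available; still worth flagging for protocol 41.
        verdict = "proto41-fragment" if proto == IPPROTO_IPV6 else "plain-ipv4"
        return (verdict, None)
    if proto == IPPROTO_IPV6:
        inner = inner_ipv6(payload)
        return ("ipv6-in-ipv4", inner) if inner else ("proto41-no-ipv6-header", None)
    if proto == IPPROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            data = payload[8:]
            if data[:2] == b"\x00\x00":       # Teredo origin indication (8 bytes)
                data = data[8:]
            # Teredo authentication headers are not parsed; inner is None then.
            return ("teredo", inner_ipv6(data))
    return ("plain-ipv4", None)


# ---- Constructed sample packets (documentation addresses, checksums left 0) ----
def build_ipv4(proto, payload, frag_offset=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       frag_offset, 64, proto, 0,
                       ipaddress.IPv4Address("192.0.2.10").packed,
                       ipaddress.IPv4Address("198.51.100.20").packed) + payload


def build_udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_ipv6(src, dst):
    # Version 6, no payload, next header 59 ("no next header"), hop limit 64.
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


INNER = build_ipv6("2001:db8::1", "2001:db8::2")
SAMPLES = {
    "6in4": build_ipv4(IPPROTO_IPV6, INNER),
    "teredo": build_ipv4(IPPROTO_UDP, build_udp(51000, TEREDO_PORT, INNER)),
    "teredo_origin": build_ipv4(
        IPPROTO_UDP, build_udp(TEREDO_PORT, 51000, b"\x00\x00" + bytes(6) + INNER)),
    "dns": build_ipv4(IPPROTO_UDP, build_udp(51000, 53, b"\x12\x34" + bytes(10))),
    "tcp": build_ipv4(6, bytes(20)),
    "frag": build_ipv4(IPPROTO_IPV6, INNER[8:], frag_offset=1),
}


def scan(samples):
    """Map each sample name to its verdict."""
    return {name: classify(pkt)[0] for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

A sensor that only matches on the outer IPv4 addresses and ports would treat the `6in4` and `teredo` samples like the `dns` and `tcp` ones; the verdicts differ only because the payload is opened.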

“At least half of U.S. CIOs have IPv6 on their networks that they don’t know about, but the hackers do,” says Yanick Pouffary, technology

Google offerings shed beta labels

Gmail is out of beta. After five years and plenty of industry snickering and corporate complaining, Google announced Tuesday the online messaging service is now an official “shipping” product. Google Calendar, Google Docs and Google Talk were all stripped of their beta tags as Google upgraded the pieces of its Google Apps Premier Edition (GAPE) suite to the status of a finished product. While Google claims the move is just semantics, it acknowledges that the “beta” tag was making corporate users uneasy and often unwilling to commit.
Gartner has released updated worldwide IT spending numbers that show the ongoing economic recession and declining revenues across all major segments of IT drove forecasts down 6% in 2009 to a total of $3.2 trillion. Gartner adjusted its previous 2009 spending forecast downward to a decline of 6%, rather than the 3.8% the research firm estimated in March. The research firm attributes the adjustment to continued weak IT spending and declining revenue across all four major IT segments: hardware, software, IT services and telecommunications. “While the global economic downturn shows signs of easing, this year IT budgets are still being cut and consumers will need a lot more persuading before they can feel confident enough to loosen their purse strings,” said Richard Gordon, research vice president and head of global forecasting at Gartner, in a statement.


Social Security numbers are predictable

Social Security numbers may not be as random as believed, as a new study contends that powerful mathematical techniques combined with open-source research can, in some cases, reveal a person’s secret number. The study, published in the journal Proceedings of the National Academy of Sciences, serves as a stark warning that SSNs are increasingly vulnerable, putting more people at risk of identity theft. The study comes from Carnegie Mellon University’s Alessandro Acquisti, an assistant professor of IT and public policy, and Ralph Gross, a postdoctoral researcher.
Too many apps are malware friendly

Re: The 10 dumbest mistakes network managers make (http://tinyurl.com/quu4me):

The key problem with the people factor is poorly written applications that still require the user be logged in as a member of the local machine administrator group for the application to run correctly. Even critical apps published by the Big Guys are written this way. Although not necessarily a problem for the legacy-coded app, running a PC with the user as a member of local admins opens the PC for installation of any sort of potential malware that the user cares to accidentally inflict upon the PC. Sadly, there is far too much of these legacy-coded apps, even in their latest versions, to effectively eliminate this problem.

A common workaround for this is to tell network admins to have users logged in as local machine users, and have users Run As Administrator for those problem apps. Some of those legacy apps will work correctly this way, but many will still refuse. And, providing the administrator logon to allow Run As Administrator functionality for those users who insist upon adding those cutsie, malware-laden apps to their PC, is almost as bad as having the PC logged in as an administrator. With the tiniest bit of social engineering flim-flam, one of those clowns will gladly help the malware wranglers set up shop on their PC.

Anon

Keep Google out of driver’s seat

Re: Imagine the Googlemobile (http://tinyurl.com/138o8y):

Some people really enjoy driving. I don’t want a car driving for me. I don’t want to sit on the couch in my ugly-capsule on the way to work.

The only good thing about this is the fact that by 2040 I’ll be approaching senility anyway, and can live in my own little fantasy world where garbage like this doesn’t exist.

Jops


Take back IPv4 addresses

Internet’s biggest issue? IPv6 transition, new ARIN CEO says (http://tinyurl.com/lo6jrw):

If ARIN went out and simply demanded that the early IPv4 adopters that are camped on top of class A and multiple class B addresses return what they realistically don’t need, the depletion date could easily be extended another several years.

When non-ISP corporate entities are using RFC1918 addresses internally and have limited (and outsource hosted) Web presence and still maintain control over millions of registered IPv4 addresses, ARIN should do something about it.

Anon

Telcos and rural areas don’t mix

Re: Broadband subsidy: Too much money, but mostly well targeted (http://tinyurl.com/Iy85m8):

The telcos and cable companies aren’t going to touch a penny of that money. It’s a poison pill and they won’t be swallowing. Look for the states to use this money in other creative ways that don’t provide Internet access.

Why would Comcast and Verizon take money to build infrastructure to rural areas that still won’t generate revenue and end up costing them more money in the long run, as well as subject them to ‘neutrality’ regulations?

There’s a reason those areas aren’t built out to begin with. They don’t generate the revenue necessary to maintain them once built.

There may be a few edge cases where the business model is workable if someone else foots the bill for the initial install, but it’s not as many as you think.

The major issue they are facing is that even if a brand-new player took the money and built out a new market, how would they provide access to the Internet as a whole?

They can’t connect to a backbone that doesn’t support these ‘neutrality’ rules, and none of them do. It would just be a large LAN segment.

Anon
Sony unveils its first netbook

The Vaio W will push Sony into the only part of the PC market showing growth at present. http://tinyurl.com/la9kod

IDG News Wire

China blocks Internet traffic after ethnic riots

The government shut off access last Sunday afternoon to stop the spread of video and information. Twitter was blocked nationwide the next day. http://tinyurl.com/I9zud6

IDG News Wire

Panasonic aims a laser at TV recycling

The company’s new recycling technology more than doubles the speed with which a cathode ray tube can be cut in half. http://tinyurl.com/mlt9wg
The notification chain when a breach is suspected


■ Imagine the Googlemobile. Network World’s Google Subnet found out that the firm that designed the G1 phone, Mike and Maaike, have developed a concept electric car. OK, this has nothing to do with Google except in the one degree of separation. It might have more to do with Apple in that the car, dubbed the “atnmble,” looks somewhat like an old-style Macintosh monitor. The designers also envision this car to be “driverless.” So, while it is toting you around town, you can chat on your G1 or surf the Web. The car isn’t expected to come to life via any particular manufacturer, or perhaps at all, says the earth2tech blog on GigaOM. It is merely a concept offered as an idea for others wanting to design clean-energy transportation for real. http://tinyurl.com/kwq21s

■ Cisco lost market share in network security appliances and software in 1Q09. Blogger Brad Reese provides further details on why Cisco has lost market share in network security. He quotes Jeff Wilson, network security analyst at Infonetics Research, on the topic: “Cisco is the revenue-leading vendor overall with 38% of total network security appliances and software in 1Q09 (down 2.8 points from 4Q08); Cisco has held this share position since CY02; they’ve been a strong leader in this market for a long time now, and the main reason for their strength (their ability to sell the total solution and attach security sales to network infrastructure sales) is also the main reason for the huge decrease in their revenue (a 20% drop) in 1Q09; security sales will come back for Cisco (they noted that security attach rates to routers didn’t decrease at all, and their content security revenue actually grew in 1Q09); we expect that by between 3Q09 and 4Q09 they’ll be back to 4Q08 levels for security revenue. Juniper and Check Point are second and third with 10.4% and 9.5% respectively. Both felt the pinch in 1Q, but neither felt it as bad as Cisco did.” http://tinyurl.com/ng51wx

■ Microsoft knew of the IE, zero-day ActiveX hole for months. Network World’s Microsoft Subnet reported that Microsoft last week responded to accusations that it knew about a critical IE ActiveX hole for as long as 18 months. The hole is being actively exploited by hackers. To its credit, Microsoft came clean and admitted it did indeed know since the spring of 2008. To its detriment, what’s the point of asking researchers to come to you and report under non-disclosure bugs so you can fix them before the hackers find out if you don’t fix them until after the hackers find out? http://tinyurl.com/ljlrhe


IT BEST PRACTICES: Many IT departments are investing significant time and money on log management or security incident and event management tools. It might be to meet a regulation or mandate — Payment Card Industry standards, for instance — or to better understand what is happening in the computing environment. Such tools enable the administrators to take a lot of disparate bits of event information, correlate them and present them in a way in which it’s easy to spot anomalies. What happens when the person monitoring the log management or SIEM dashboard sees something a little out of the ordinary? He drills down for details, of course. But what happens (or should happen) when those details begin to suggest something ominous, such as a data breach or corporate fraud? At this point, a lot of care needs to be taken in how the log data is handled and who must be notified of the situation. How the data is handled could impact whether or not it can later be used as evidence in a criminal or civil charge. Who is notified of the suspected breach and how they contribute to the investigation is another delicate matter. A few weeks ago, we provided best practice tips on preserving log data for a forensic investigation. In this article, we’ll discuss the notification chain and how other experts support the investigation and its fallout. http://tinyurl.com/l3xwnz

NETWORK MANAGEMENT: Not all IT organizations respond to a recession in the same way, according to Forrester Research, which conducted a survey that revealed some companies continue to invest in technology to meet business demands. In its June 2009 report “Innovation and Agility — Driving IT Success in Economic Hard Times,” Forrester revealed the results of a survey of 46 enterprise IT decision-makers that shows three primary reactions to the recession. While many organizations cut budgets to ride out the economic downturn, Forrester found that not all companies resort to a bunker mentality. “Across all of these companies, traditional approaches to budget cuts abound — like postponing upgrades, terminating long-running projects or reducing travel and entertainment,” the report reads. “But some firms aren’t hiding out, waiting for the recession to pass. Instead, they are investing in agility to keep their options open, or they are investing in business innovation to help them accelerate out of the recession.” http://tinyurl.com/m8t9e
Gartner sees greater drop in IT spending than forecasted

IT spending is expected to decline by 6% this year to $3.2 trillion worldwide, according to Gartner, which in March had forecast only a 3.8% drop. The continuing recession and exchange rate fluctuations were cited as primary reasons. Hardware will be the hardest hit IT sector, with spending projected to decline 16.3%. But all four major segments of the market — hardware, software, IT services and telecommunications — will be impacted by the slowdown. “While the global economic downturn shows signs of easing, this year IT budgets are still being cut and consumers will need a lot more persuading before they can feel confident enough to loosen their purse strings,” said Richard Gordon, research vice president and head of global forecasting at Gartner. http://tinyurl.com/naku2s


Microsoft to release half-dozen security updates. Microsoft last week announced that it will provide six security updates Tuesday, including two for holes that hackers have been using for months to attack Windows and Internet Explorer. Of the six updates previewed in the advance notice, three will affect Windows, and one each will patch problems in Publisher, Internet Security and Acceleration Server and Microsoft’s Virtual PC and Virtual Server software. The Windows updates will be tagged “critical,” Microsoft’s highest threat ranking, while the others will be marked “important,” the next rating down in the company’s four-step scoring system. http://tinyurl.com/l8kl74

IT pros continue to lose jobs. As the national unemployment rate continues to creep up, the number of jobs cut in high-tech industries is also increasing across several IT segments tracked by Foote Partners. Recently released Department of Labor statistics show the national unemployment rate is nearing 10% with 467,000 non-farm jobs lost in June. Among the jobs being cut are many in high-tech industries such as communications equipment, which lost 2,100 positions in June after shedding 600 in May. About 1,100 management/technical consulting positions were lost in June, after 700 were added in May and 1,600 in April. Potential signs of a slowdown in job cuts could be found in fewer total positions eliminated, Foote Partners suggests. The computer/peripheral equipment industry lost 2,300 jobs last month, fewer compared with the 3,200 eliminated in May. http://tinyurl.com/m3a9cp

EMC scores win against rival NetApp. EMC has scored another victory over storage rival NetApp by purchasing Data Domain, a merger that widens the technological gap between the companies in the fast-growing data de-duplication market. NetApp desperately wanted Data Domain to bolster its largely unsuccessful de-duplication business, as evidenced by its $1.9 billion bid to purchase the company. But EMC proved too rich, and last week signed a definitive agreement to buy Data Domain for $2.1 billion. “This is a move that strengthens EMC and doesn’t put them in any financial or competitive bind,” notes Pund-IT analyst Charles King. “From a competitive standpoint, EMC won the day here.” De-duplication is expected to play a major role in the storage market because it lets companies reduce the amount of disk space they need in their data centers. http://tinyurl.com/kjwmos

Ericsson signs deal to run Sprint networks. Sprint and telecom systems provider Ericsson have signed a seven-year deal that will give Ericsson day-to-day responsibilities for managing Sprint’s wireline and wireless networks. Sprint says that while it will retain full ownership and control over its networks, Ericsson will be responsible for the provisioning and maintenance of Sprint’s iDEN, CDMA and wireline networks. Bob Azzi, Sprint’s network senior vice president, said Sprint is choosing to outsource its network operations to redirect resources to other priorities such as enhancing wireless coverage and improving customer service. Sprint says about 6,000 of its employees will be transferred to Ericsson as part of the deal. http://tinyurl.com/ktcnbz

IBM security software masks confidential info. IBM researchers said last week they have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data. According to IBM, the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage and allow the sharing of data while safeguarding sensitive business data. MAGEN works at the screen level by ‘catching’ the information before it hits the screen, analyzing the screen content, and then masking those details that need to be hidden from the person logged in. The major novelty lies in architecting a single system that handles a wide range of scenarios in a centralized and unified manner, IBM stated. http://tinyurl.com/ksd7dx

Apple’s iPhone App Store hits its first year. Apple’s iPhone App Store celebrated its first full year in business this past weekend having surpassed 1 billion downloads of the more than 55,000 applications. The App Store’s success has led to nearly every maker of a smartphone operating system to mimic the concept of making it easy to purchase and wirelessly download software from a third-party developer. In the past year, Research in Motion, maker of the BlackBerry, Microsoft, maker of the Windows Mobile OS, Google, backer of the Android mobile platform, and Palm, maker of the Palm Pre and WebOS, have all launched application storefronts. The App Store concept “is the future of the software market,” said Rob Enderle, analyst for the Enderle Group. “It changes the model. We live in an online world and App Store anticipates that we won’t be buying software in a store.” http://tinyurl.com/mo6yk8

Oracle halts work on green data center. Oracle recently halted work on a green data center project in a suburb of Salt Lake City, but it is not clear why. The data center in West Jordan, which is supposed to support Oracle’s on-demand division, was announced last year under the name “Project Sequoia.” Various reports have placed the center’s size at 200,000 square feet, with a construction budget of about $300 million. The project was to make major advancements in power savings, according to a presentation by Oracle CIO Mark Sunday at last year’s Linux World conference. But for now, that vision won’t be realized. Utah expects Oracle will resume the project, but the vendor hasn’t stated a time frame, Sullivan added. http://tinyurl.com/n23759
NEWS ANALYSIS

Heady days for mobile Web apps

BY JOHN COX

Google’s announcement of its ambitious Chrome OS has thrown a spotlight on a number of emerging Web technologies that promise to transform mobile application development.

For enterprise IT, the transformation means faster, simpler development of mobile applications that can run inside powerful modern Web browsers, many based on the open source Webkit technology, and mimic many of the characteristics of native applications that are written for and compiled to a specific operating system. Both Google with Chrome OS and Palm with its webOS are making use of these same technologies, but doing so outside the browser. Both are using a Linux kernel as the foundation, then marrying it with the latest version of the open source Webkit HTML rendering and JavaScript engine, a kind of “headless” browser. The Webkit engine will act as the execution engine for native applications, accessing device and Linux features as needed, written in JavaScript.

This new breed of mobile Web applications (and Google’s major revision of Gmail for mobile earlier this year is a good example) can be stored locally, along with user and other data, so it can run even without an Internet connection. Written in JavaScript, these applications can run as much as five times faster than just a year ago, due to a new generation of powerful JavaScript engines. They offer a degree of interactivity and richness not possible before. And, at least in theory, such applications could run with any of the modern browsers that also support the latest relevant standards, such as HTML 5 and Cascading Style Sheets (CSS) 3.

They’re much more sophisticated than Web widgets, or even the thousands of JavaScript or Zool extensions for FireFox, and simpler to create than browser plugins written in C or C++.

But such mobile applications will also pose the same kind of security challenges as desktop browsers. Performance differences with native



■  Chrome,  from  page  1 

Google  clearly  is  rushing  to  get  its  strategy 
and  services  aligned  for  the  next  round  of  battle 
with  the  software  giant,  which  has  a  product 
pipeline  set  to  gush  between  now  and  the  end 
of  2010.  The  questions,  however,  are  how  ready 
is  Google,  can  it  create  something  compellingly 
different  and  innovative,  and  if  it  does,  what  size 
dent  can  it  make  in  the  Microsoft  armor? 

The  ramp  up  was  slow  as  the  Chrome  OS 
announcement  came  in  a  very  un-Google-like 
fashion,  arriving  without  any  active  code  and  in 
the  form  of  blogware. 

“With  Windows  7  about  to  ship,  it  would 
have  been  better  for  Google  to  release,  rather 
than  simply  announce,  an  alternative  for  the 
netbook  market,”  wrote  Laurent  Lachal,  open 
source  director  at  Ovum,  in  a  research  note.  “Key 
to  Google’s  OS  success  will  be  its  ability  to  cre¬ 
ate  a  strong  community  around  it.  This  is  going 
to  be  difficult.  A  rethink  of  the  project  based  on 
an  alliance/convergence  effort  with  the  Ubuntu 
[Linux]  community  could  help.” 

The  Chrome  OS  introduction  raises  more 
questions  than  it  answers.  Google  has  yet  to 
explain  exactly  how  it  will  function  and  why 
it  will  be  better  than  current  browser  access  to 
Web-based  applications. 

The  big  challenge  will  be  to  prove  that  the 
operating  system  works  well  enough  to  trigger 
significant  adoption.  IDC  forecasts  that  Micro¬ 
soft  will  ship  117  million  copies  of  Windows  in 
2010  with  half  being  Windows  7. 

Chipping  at  those  numbers  will  be  difficult 
because  Google  is  only  targeting  the  netbook 
subset  of  the  personal  computing  market. 

Experts  say  Google  must  create  an  exciting 
rush  of  innovation  comparable  to  what  Apple’s 
iPhone.achieved. 

“This  could  be  an  opportunity  to  take  this 
stuff  in  the  browser  and  bring  it  closer  to  the 
desktop  environment  and  make  things  appear 
to  run  natively  from  the  desktop,”  says  Al  Gillen, 


an  analyst  with  IDC. 

Working  in  Google’s  favor  is  that  it  plans  to 
offer  the  operating  system  for  free  to  OEMs  that 
on  average  pay  Microsoft  $40  (consumer)  to  $90 
(business)  for  a  copy  of  Windows. 

But  pricing  doesn’t  discount  the  task  Google 
will  have  building  a  partner  network  to  provide 
applications,  drivers  and  other  peripherals  to 
work  with  Chrome  OS  netbooks  and  eventually 
the  desktop  PC  version  Google  plans  to  offer. 

Google  is  receiving  encouragement  from  open 
source  advocates  such  as  the  Linux  Foundation 
and  potential  rivals  such  as  Red  Hat. 

“Open  source  has  proven  to  be  a  better  model 
of  development  and  the  platform  of  the  future.  We 
look  forward  to  seeing  how  [Google’s]  project  will 
progress,”  says  Leigh  Day,  senior  director  of  global 
corporate  communications  for  Red  Hat. 

But  the  support  Google  needs  doesn’t  center  on 
furthering  the  cause  for  Linux  and  open  source. 

“The  real  critical  issue  for  now  is  not  how  well 
can  Google  create  a  netbook  OS,  it  is  more  how 
can  they  build  out  a  very  robust  and  interesting 
partner  infrastructure  for  building  applications 
and  tools  that  PC  users  depend  on  every  day,” 
says  Charles  King,  principal  analyst  with  Pund- 
IT.  “We  have  to  see  some  major-league  ISVs  buy 
into  the  Web-delivery  apps  that  Chrome  OS 
devices  are  built  for.” 

That  is  another  area  where  Google  has  a  lot 
of  ground  to  make  up  on  Microsoft,  which  will 
welcome  more  than  7,500  partners  to  its  annual 
Partner  Conference  this  week. 

It  is  there  that  Microsoft  is  expected  to  unveil 
pricing  for  its  Azure  cloud  computing  plat¬ 
form  and  release  preview  code  for  its  Office 
Web  Apps.  The  Office  Web  Apps,  slated  to  ship 
early  next  year  with  Office  2010,  are  one  reason 
Google  last  week  removed  the  beta  tag  from  its 
Google  Apps. 

“For  too  many  companies  looking  at  com¬ 
mercial  Gmail,  the  beta  label  was  like  a  blinking 
neon  light  that  flashed  ‘amateur,  amateur...’  “ 


says  Matt  Cain,  an  analyst  with  Gartner. 

Microsoft  plans  to  weave  a  story  of  integration 
between  the  Web-based  Office  applications  and 
the  traditional  desktop  version. 

The  Office  Web  Apps  will  provide  synchroniza¬ 
tion  of  e-mail,  calendar  and  contact  items  between 
Web  browsers,  including  Internet  Explorer,  Fire- 
fox  and  Safari;  desktop  applications  through  the 
Outlook  client;  and  mobile  devices  from  Micro¬ 
soft,  Research  in  Motion  and  Apple. 

It’s  a  powerful  link  that  could  help  Microsoft 
stem  any  bleeding  from  its  Office  install  base  to 
Web-based  productivity  applications  Google 
will  offer  using  Chrome  OS  as  the  interface  and 
Google  Apps  on  the  backend. 

“If you could run [Microsoft] Office on Linux or on a Google operating system, I think the other
operating systems would be much more appealing,” says Tom Amrhein, CIO at Forrester Construction
in Rockville, Md. “The reason Microsoft has a good grasp on the desktop has less to do with the
desktop than its complete domination of the office space.”

Microsoft  will  tighten  that  grip  with  other 
innovations  that  nip  at  features  of  Google  Voice 
that  have  limited  integration  with  Google  Apps. 

At the Partner Conference it is expected to show Office Web Apps support for voice mail delivery
to e-mail in-boxes. Users also will be able to communicate using instant messaging integrated
with a user’s desktop Outlook address book.

Google is in a position Microsoft has often been caught in when it has shipping and nonshipping
products that need to be integrated to support a grand platform vision. Only time will tell if
Google can pull it all together.

“We  do  not  expect  Google  Chrome  OS  to  take 
over  the  world  —  it  is  a  bit  late  for  that,”  Ovum’s 
Lachal  says. 

Network World Senior Writer Jon Brodkin contributed to this report.
NEWS ANALYSIS


The  botnet  world  is  booming 

BY  ELLEN  MESSMER 


Top 10 spam botnets (June 2009)

Botnet                % of spam   Spam per minute   Estimated botnet size
Cutwail               45.8%       51,469,251        1,400K - 2,100K
Mega-D                9.3%        10,446,954        460K - 700K
Grum                  6.0%        6,683,822         600K - 900K
Rustock               4.5%        5,021,937         640K - 960K
Donbot                3.2%        3,576,516         360K - 540K
Bagle                 1.7%        1,886,316         300K - 450K
Gheg                  1.4%        1,539,356         170K - 250K
Xarvester             0.2%        198,001           30K - 50K
Asprox                0.2%        265,741           11K - 17K
Darkmailer            0.1%        65,246            1K
Unclassified botnets  10.5%       11,814,434        860K - 1,300K

SOURCE: SYMANTEC. NOTE: THE OTHER 17% OF SPAM COMES FROM DIFFERENT SOURCES.


The thriving world of botnet attacks continues to demand IT’s attention.

With U.S. and South Korean government Web sites hit by distributed denial-of-service (DoS)
attacks last week by a botnet controlled by an unidentified attacker — North Korea is suspected,
however — the shadowy world of botnets continues to grow unabated.

According to the ShadowServer Foundation, a group sharing information about botnet activity, the
number of identified botnets, which started to take off about half a dozen years ago, has grown
from about 1,500 two years ago to 3,500 today.

This latest botnet is believed to be carried out through hidden manipulation of about 50,000
compromised computers using an updated version of an old virus, MyDoom. So far the
botnet-directed attacks against the United States and South Korea have done no lasting harm to
the many Web sites struck, although the Federal Trade Commission (FTC) and the Department of
Transportation suffered outages and FTC.gov still is struggling, according to Keynote Systems,
which measures and monitors Web site use. And the distributed DoS botnet episode is ongoing, with
more hits expected on South Korean banks and a newspaper, says South Korean antivirus firm
AhnLab, which analyzed malware samples associated with the attacks.

It’s not just distributed DoS attacks that are associated with botnets. Botnets are usually
specialized, designed for criminal tasks that range from spam distribution; stealing identity
credentials such as passwords, bank account data or credit cards and keylogging; click fraud; and
warez (stealing intellectual property or obtaining pirated software).

“There’s usually a primary purpose to a botnet,” says Jose Nazario, manager of security research
at Arbor Networks. “There are turf wars out there as criminals are vying for the desktop. They
try to kick each other off.”

Although botnets come and go, the more successful ones have endured for years as large
command-and-control systems operated by shadowy groups that have taken over hundreds of thousands
of desktops.

These  botnets  are  bequeathed  names  by 
researchers  probing  them.  Gammima  (gaming 
password  stealer),  Conficker  (fake  antivirus) 
and  Zeus  (information  stealer),  are  among  the 
largest,  according  to  security  firm  Damballa. 

But sizing botnets up in terms of actual numbers of compromised computers under their control as
bots (sometimes called “drones”) is tough, many experts say.

That’s because these numerical counts, typically based on detected numbers of infected


numbers are influenced up or down by network technologies such as network-address translation.
And there’s constant change.

The  irony  of  Conficker,  which  has  infected  an 
estimated  1  million  to  10  million  machines  and 
has  made  attempts  to  sell  fake  antivirus  to  its 
victims,  is  that  it  remains  so  quiet. 

“It’s  one  of  the  largest  botnets  out  there  but 
currently  it’s  doing  nothing,”  says  Nazario,  who 
believes  Conficker  has  infected  about  5  million 
Windows-based  computers. 

The easiest type of botnet to count seems to be the spam botnets. According to Symantec’s
MessageLabs division, the top botnet in June was one called Cutwail, which generated more than
45% of all spam worldwide by controlling about 1.4 million to 2.1 million compromised computers
at any time.

But the FTC’s shutdown last month of Web hosting firm Pricewert, accused of illegal activities
involving botnets and child porn (which Pricewert denies) has disrupted the Cutwail botnet, says
Matt Sergeant, chief antispam technologist at MessageLabs.

Cutwail, which exists as two distinct malware versions, “is not currently No. 1 anymore,”
Sergeant says. He predicts that by the end of July, it’s likely the No. 2 botnet, Rustock, which
had only controlled 4.5% of the world’s spam, will jump to about 50% of spam, with Cutwail
knocked down, though struggling for a comeback.

The buyers of spam services in the underground economy appear to be switching from Cutwail to
Rustock, Sergeant suspects. Both botnets have existed for several years, with their master
controllers suspected to be in Ukraine or Russian-speaking countries. Several other


sia  in  general  for  all  manner  of  botnets. 

Nazario  and  Sergeant  both  say  prosecuting 
illegal  botnet  activity  is  very  difficult  across 
different  countries,  though  they  credit  the  FBI 
with  determined  law-enforcement  efforts  on 
this  front. 

One  of  the  most  dangerous  botnets  out  there 
by  many  accounts  is  Torpig,  which  is  designed 
to  steal  identity  credentials,  credit  cards,  bank 
account  and  PayPal  information,  and  more. 

“It’s very sophisticated, hiding on your machine with a rootkit to survive,” says Joe Stewart,
director of malware research at SecureWorks. “It will silently sit there in the system and grab
bank account log-ins and silently send them out of your machine.”

Infiltrating the Torpig botnet to find out exactly what it was doing was the mission undertaken
earlier this year by eight researchers at the University of California, Santa Barbara, in the
Department of Computer Science’s security group. It set up a server in an undisclosed location
and simply waited for Torpig to find it, based on an analysis of Torpig malware.

“We  knew  in  advance  what  were  the  sequence 
of  addresses  they  would  visit  so  we  just  waited,” 
says  Giovanni  Vigna,  the  UC  Santa  Barbara 
computer  science  professor  who  teamed  with 
staff  and  graduate  students  to  bust  into  Torpig. 

Last  month  they  published  the  eye-popping 
account  of  what  happened  in  the  10  days  before 
they  were  dropped  from  Torpig,  apparently 
because  its  operators  discovered  the  infiltration. 

The report, “Your Botnet is My Botnet: Analysis of a Botnet Takeover,” details how the Torpig
botnet made more than 180,000 infections on

See  Botnets,  page  18 
11 IT security companies to watch

Detecting  botnets,  mobile  phone  protection,  security  among  focus  areas 


BY  ELLEN  MESSMER 


In spite of the headwinds from a stormy economy, these start-up companies are down the runway and
taking off with innovative products and services for IT security. On their radar can be found a
focus on botnet and malware detection as well as mobile and virtualization security.

Damballa 

Founded:  2006 

Headquarters:  Atlanta 

Focus: Detection of botnet-infected computers.

Why it’s worth watching: With botnets used by criminal organizations to steal sensitive
information, there’s more incentive than ever to be able to identify infected machines.
Damballa’s Failsafe gateway appliance, out this year, is designed to spot bot activity on
networks.

How company got its start: Its roots have grown from academic research on malware and botnet
detection done by Damballa’s four founders, Merrick Furst, Wenke Lee, David Dagon and Richard
Lipton, all professors at Georgia Institute of Technology.

How  company  got  its  name:  A  voodoo  snake 
god. 

CEO: Steven Linowes, formerly in corporate development at Yahoo; also was CEO of Mercatus.

Funding:  $8.5  million  from  Sigma  Partners, 
others 

Who’s  using  the  product:  About  a  dozen 
users,  including  Procter  &  Gamble. 

Dasient 

Founded:  2008 

Headquarters:  Palo  Alto 

Focus:  Detection  and  quarantine  of  malware 
infections  on  Web  sites. 

Why it's worth watching: Millions of Web sites are infected each year because attackers, through
various means such as SQL injection attacks, find a way to load malware onto legitimate Web
sites, creating attack pages — a problem Dasient believes its Web Anti-Malware service can
mitigate effectively.

How company got its start: Co-founders Neil Daswani (formerly security product manager at Google)
and Shariq Rizvi (Google software engineer) departed Google last year to found Dasient with Ameet
Ranadive, whose background includes stints at consultancy McKinsey and HP.

How company got its name: Has no specific meaning “but we will give it meaning,” the co-founders
say.

Funding: $2 million from sources that include Radar Partners, Stratton Sclavos, Maples Investment
and Eric Benhamou.

Who's using the product: Several beta customers, including Family Communications.

Delfigo Security

Founded:  2008 

Headquarters:  Boston 

Focus:  Fraud  detection  for  Web 
sites  with  log-in  procedures. 

Why it’s worth watching: Delfigo’s software-as-a-service model delivers a real-time scoring of
security risk related to the user’s normal Web site authentication procedures in order to
validate genuine identity. The Delfigo analysis includes geo-spatial IP and keyboard language
methods.

How company got its start: As a consultant, Ralph Rodriguez got the idea for the fraud-detection
system while observing some Department of Defense systems combating fraud issues.

How  company  got  its  name:  Variation  on  the 
Latin  word  “defigo”  to  fix  firmly,  secure. 

CEO: Rodriguez, previously senior vice president at the technology practice at research firm
Aberdeen Group

Funding:  Undisclosed  from  Stage  1  Ventures. 

Who’s  using  the  product:  Undisclosed 

Egress  Software  Technologies 

Founded:  2007 

Headquarters:  London,  with  U.S.  base  in 
Chicago 

Focus:  Software-as-a-service  encryption 

Why it’s worth watching: Called “Switch,” this SaaS that debuted this spring lets the user, via
the Egress client software, apply encryption to data on any media type and authorize intended
recipients. The Egress Switch in the cloud maintains an audit trail of the shared information,
which signals back the data’s status, whether it was decrypted or used, and allows the data owner
to make changes.

How  company  got  its  start:  Co-founders 
Tony  Pepper  (CEO)  and  Neal  Larkin  (COO)  saw 
the  usefulness  in  wrapping  controls  around  data 
being  transmitted  via  a  cloud-based  service. 

How  company  got  its  name:  Means  data  that 
goes  out. 

CEO:  Tony  Pepper,  formerly  executive  at  Reflex 
Magnetics,  which  was  acquired  by  Pointsec, 
which  later  became  part  of  Check  Point. 

Funding:  Undisclosed  and  self-funded. 

Who’s using the product: Royal Bank of Scotland, Computer Sciences Corp.


FireID

Founded:  2006 

Headquarters:  Capetown,  South  Africa 

Focus:  Mobile  phone  security 

Why it’s worth watching: This South African upstart wants to take on giants RSA and VeriSign in
one-time crypto-based password generation with FireID software. The product, introduced in
January, generates a one-time password on mobile phones.

How  company  got  its  start:  Co-founders  and 
entrepreneurs  Justin  Stanford  and  Eric  Zlan- 
deren  believe  the  work  done  by  CTO  Malan  Jou- 
bert  (the  third  co-founder)  on  OATH-compliant 
cryptography  for  mobile  phone  security  will  be 
in  demand  as  mobile-computing  with  serious 
applications  takes  off. 

How  company  got  its  name:  Burning  with 
ideas,  the  founders  liked  the  word  “fire.” 

CEO: Jenny Dugmore, formerly regional manager at Sybase.

Funding:  Undisclosed 

Who’s  using  the  product:  Sybase  in  South 
Africa  as  well  as  firms  Tsohle,  among  others. 

HyTrust 

Founded:  2007 

Headquarters:  Mountain  View,  Calif. 

Focus:  Policy  enforcement  for  VMware 
security. 

Why it’s worth watching: Virtualization rollouts are spurring developments in management and
security technologies. HyTrust’s offering is a policy-enforcement gateway appliance for VMware.

How company got its start: Two of the cofounders, Eric Chiu and Rena Budko, worked together at
Cemaphore Systems, and Budko’s prior work experience at VMware convinced her a policy-management
engine for VMware would find need among the user base. The other two founders, Boris Strongin and
Boris Belov, are software design engineers with experience at various high-tech firms, including
Determina, Cisco and Entercept.

How  company  got  its  name:  High  hopes  on 
high  trust. 

CEO:  Chiu 

Funding:  $5.5  million  from  Trident  Capital 
and  Epic  Ventures. 

Who’s  using  the  product:  Stanford  Hospital 
&  Clinics. 

InDorse  Technologies 

Founded:  2006 

Headquarters:  New  York  City 

Focus:  SharePoint  security 

Why it’s worth watching: Microsoft’s SharePoint server application is popular, and the InDorse
Discover, Tag and Protect toolset released in March adds security controls to monitor, detect and
if necessary block the use of data associated with SharePoint, in a manner akin to data-leak
prevention and digital-rights management.

[Photo caption: Trusteer’s Rapport is typically offered by financial institutions to clients to
help detect phishing attacks.]

How  company  got  its  start:  Founder  Rob 
Marano  credits  software  development  work  on 
tagging  he  saw  at  a  small  company  called  House 
of  Development  in  Jeddah,  Saudi  Arabia,  for 
inspiring  the  creation  of  the  InDorse  Suite. 

How  company  got  its  name:  Play  on  the 
word  “endorse”. 

CEO: Marano, formerly founder of Riversoft and Micromuse.

Funding:  $5  million  investment  from  VC 
Bank,  with  House  of  Development  as  minority 
investor. 

Who’s  using  the  product:  Undisclosed 

SafeMashups 

Founded:  2009 

Headquarters:  San  Antonio,  Texas 

Focus: Tools for establishing trust and security in Web 2.0 applications.

Why it’s worth watching: Web mashups largely lack security controls, but the SafeMashups MashSSL
Web toolkit could change that. It’s basically a protocol for a Web application to talk to another
application through a browser to trusted code combined on the fly over the Web in mashups. This
system of trust won’t just require inventive technology, but broad industry support.

How company got its start: Founder Ravi Ganesan became intrigued by the security issues posed by
the mashup, where code is recombined on the fly.

How company got its name: Making mashups safe — or at least safer.

CEO:  Ganesan,  research  professor  and  crypto 
expert  at  the  University  of  Texas  and  previously 
founder  of  TriCipher. 

Funding: Backing under the $3.5 million incubator program at the Institute for Cyber Security at
the University of Texas at San Antonio, which draws in student, staff and university facilities
as available resources to work on projects.

Who’s  using  the  product:  Undisclosed 

Talis  Data  Systems 

Founded:  2006 

Headquarters:  San  Diego 

Focus:  Network  security  for  the  desktop. 

Why it’s worth watching: The Datagent 3.5-inch hardware-based security device, integrated into
desktop computers, sets control on access to USB ports and allows controlled access to networks
based on a wide variety of factors, such as domain separation and time of day.

The U.S. military has set up separate networks, such as NIPRnet and SIPRnet, with differing
security classifications, and the Datagent is intended to appeal to that audience, but could find
use in commercial business networks, too.

How  company  got  its  start:  Co-founders 
Brad  Saunders,  Matt  Castelli  and  Terence  Slyntz 
have  backgrounds  with  firms  providing  support 
for  the  military,  including  at  Holocom  Networks, 
and  they  saw  the  need  to  make  it  easier  to  set  up 
compartmentalized  networks. 

How company got its name: Sounds like “talisman,” an object with magical power to protect.

CEO:  Tom  Darton  is  the  firm’s  president;  a 
CEO  has  not  been  named. 

Funding: Undisclosed amount of private venture capital that includes a 60% equity stake of $2.3
million from Pilot Power group, a retail electric provider based in San Diego.

Who’s  using  the  product:  Undisclosed 

Trusteer 

Founded:  2006 

Headquarters: Tel Aviv, Israel; U.S. headquarters in New York City

Focus:  Antiphishing  software  for  the 
desktop. 

Why it's worth watching: Primarily intended to be offered by financial services firms to their
customers for free, the Web browser plug-in Rapport software released last year is customized to
warn banking customers of phishing attempts and protect online financial transactions.

How company got its start: The rise of sophisticated trojans aimed at stealing financial data was
a factor in the decision by Mickey Boodaei to develop browser-based protection software
specifically for the financial sector.

How  company  got  its  name:  Connotes  trust 
in  online  transactions. 

CEO: Boodaei, who previously co-founded Web-application firm Imperva.

Funding: $10 million from US Venture Partners and private investors, including Check Point and
Imperva founder Shlomo Kramer.

Who's  using  the  product:  ING  Direct,  Royal 
Bank  of  Scotland,  Pennsylvania  State  Employees 
Credit  Union  and  about  20  other  institutions. 

UnboundID 

Founded:  2007 

Headquarters:  Austin,  Texas 

Focus: Building a highly-scalable, high-performance directory server.

Why it’s worth watching: Large-scale identity and personalization services of the future provided
over the Internet and wireless networks will need directories of user information that must be
fast, reliable and scalable, and UnboundID is targeting this.

How company got its start: The founders — Steve Shoaff, Don Bowen, David Ely, Neil Wilson and
Andy Land — are experts in directory services and identity management who were laid off from Sun
and went off to build a directory server that’s also part database for high-volume data reads for
telecom companies. The UnboundID Directory Server will scale to millions of subscriber entries.
Other industries may also benefit down the road.

How  company  got  its  name:  ID  is  identity, 
unbound  is  no  limits. 

CEO: Steve Shoaff, formerly technical director and chief of staff of the Identity Management
product division at Sun.

Funding:  About  $3  million  from  Silverton 
Partners. 

Who’s  using  the  product:  Alcatel-Lucent, 
which  is  also  selling  into  the  telecom  market.  ■ 

■ Botnets, from page 12

victims’ machines and recorded 70GB of data collected by the bots in just 10 days.

Torpig obtained the credentials of 8,310 accounts at 410 institutions. The top targets were
PayPal, Poste Italiane, Capital One, E*Trade and Chase. About 38% of the credentials stolen by
Torpig were obtained from the password manager of browsers, rather than by intercepting an actual
log-in session, according to the report. Torpig also collected 1,660 unique credit and debit
cards, prominently Visa, MasterCard and American Express, with 49% of the victims thought to be
in the United States. Torpig in those 10 days was seen to grab 297,962 unique credentials from
52,540 Torpig-infected machines, with the top Web account credentials identified for Google,
Facebook, MySpace, netlog.com, libero.IT, Yahoo, nasza-klasa.pl, alice.it, live.com and hi5.com.

The UC Santa Barbara researchers observed traffic that suggested individuals thought infections
were cleaned up when they weren’t.

The main means of infection with Torpig comes from drive-by downloads from legitimate Web sites
that have become compromised with malware by attackers, or occasionally attack sites set up for
the purpose.

The effect of the drive-by download is “it modifies your browser so it becomes different,” Vigna
says. When you next visit your banking Web site, the Torpig-infected desktop displays a fake Web
page that tricks the victim into entering his banking password and log-in, for example. Torpig
then has it and sends it off to the Torpig operators.

The  UC  Santa  Barbara  researchers  suspect 
Torpig  is  a  “malware  service”  accessible  to 
third  parties  for  a  fee. 

Vigna says the researchers never discovered who runs Torpig, but did share data with the FBI. UC
Santa Barbara was assisted in the Torpig infiltration project by funding from the National
Science Foundation, which is supporting a five-year effort to explore the underground economy.

The  Torpig  botnet  suggests  a  pattern  of 
cooperation  between  attackers  compromising 
Web  sites  with  malware  that  directly  helps 
those  operating  Torpig  gain  more  victims,  and 
it’s  a  trend  that  likely  extends  beyond  Torpig. 

“One of the biggest things we’ve seen is the dramatic shift to the Web browser,” Nazario says
about the problem of drive-by downloads. Like other researchers, Nazario says botnets mainly
exploit Windows-based machines. “It has become the biggest door into the PC.” Users have to stay
up to date with patching and benefit from using the latest version of browsers.

While it’s Nazario’s opinion that “Russians have perfected loaders as a service for spamming
malware,” he predicts the Chinese have a growing interest in botnets. “The Chinese are where the
Russian perpetrators were 10 years ago.” ■


■  Mobile,  from  page  10 

applications persist. Browser applications typically can’t reach outside to access specific
device features or operating system services (though even that is in flux). And neither
enterprise IT nor enterprise users may be ready to fully depend on their existing cellular or
Wi-Fi networks for the essential Internet connectivity that these applications ultimately
require.

“If you look at browser innovation over the last 12 months, there’s been an unprecedented
acceleration,” says Matt Waddell, chief of staff, Mobile and Developer Products, Google. One area
of innovation is the growing adoption of parts of the HTML 5 spec. “[HTML 5] represents a
brand-new set of browser functionality, to enable an entirely new set of Web applications.”

Google  has  already  been  making  use 
of  two  key  HTML  5  APIs:  Database  and 
Application  (or  “AppCache”).  Both  were 
used  in  the  new  mobile  version  of  Gmail. 
Database  lets  a  mobile  browser  locally 
store  Gmail  messages  in  a  local  MySQL 
database;  AppCache  lets  it  locally  store 
the  Gmail  functions  and  user  interface 
in  JavaScript  and  CSS  files. 

Mobile  users  now  are  able  to  work 
offline  with  and  manage  their  Gmail 
account,  says  Alex  Nicolao,  engineering 
manager,  Gmail  for  Mobile,  at  Google. 

And developers can design and build “bigger” browser applications, with more functions and
features, because they don’t have to be so concerned about network-determined “wait times,” he
says. Once the application and data is downloaded to the browser, where it executes, it’s no
longer waiting on cloud-based services mediated by low-bandwidth links.

“Now you can do the same kind of heavy lifting with large amounts of data on the client side,”
says Mike Smith, staff representative for the World Wide Web Consortium (W3C) to the W3C HTML
Working Group, which is drafting the HTML 5 specification. Previously, he says, the only way to
keep session data or state information locally was through cookies. With AppCache and Database,
“you don’t have to be doing expensive requests over the net to get data, once it’s cached on the
device,” he says.

CSS 3 promises to make browser-based application UIs far more like the richly interactive native
applications. “CSS3 gives the developer far greater control over styling the user interface,”
says Ryan Seddon, senior front end Web developer with DTDigital, a Web design firm. Seddon has
his own Web site: The CSS Ninja.

“With  CSS3,  you  can  create  effects  that  would 
usually  [otherwise]  require  a  mixture  of  CSS, 
JavaScript  and  images,  essentially  reducing 
[page]  load  times  and  increasing  the  overall 
‘snappiness’  of  the  Web  app,”  Seddon  explains. 

But there are tradeoffs with the new generation of browser applications. Because JavaScript is
not compiled for a given operating system, “you lose a lot a level of [application] optimization
for the underlying platform,” says Dan Sharoni, emerging mobility lead with Accenture Technology
Labs.

“It’s not a ‘mobile phone’ anymore: it’s a computing platform,” he says. “So it’s very important
to give developers access to those features so they can take advantage of them.” One possible
solution, he says, is for device makers to create and publish new JavaScript APIs or other
programs specifically for this purpose.

Enterprise developers need to be aware of limitations still inherent in mobile browsers, says
Samir Karande, head of mobile vertical at Persistent Systems, a global outsourced software
development firm in Pune, India, with a decade of work in mobile applications. “If I want to
place an e-commerce app on a mobile device, it may not be possible with just a browser app,” he
says. “Because I need personal information stored on the device, more than just a username and
password stored in a cookie.”

One of the big promises of the new generation of mobile browser applications is that they can be
written once and then deployed easily by any compatible browser. But in practice things are not
yet that simple, Karande says. “A browser might support HTML5, but not completely,” he says. “If
you have CSS and JavaScript, most likely every mobile operating system will present it
differently.”

Infinity Software offers a range of calculation programs for PCs and mobile platforms, including
the iPhone, Windows Mobile and BlackBerry operating system. A Web browser development model would
simplify development and deployment and cut costs, says CEO Elia Freedman, who started the
company as a college senior 12 years ago, writing software for the PalmOS. But he’s not doing it
for two reasons.

“But I talked to my customers and they are not comfortable with [relying on] the Internet
connections for their mobile devices,” he says. “Having a Web-only app is a major problem because
customers can’t assume the network connection will be there, or be fast enough.”

Secondly, FastFigure incorporates a powerful calculation engine written in C (another version is
in Java) for optimal performance, and far beyond what JavaScript can handle. ■
[Photo caption: Revised Gmail for Mobile, for iPhone and Android browsers, uses emerging
standards such as HTML5 and Cascading Style Sheets.]
NETINSIDER BY SCOTT BRADNER

Broadband  subsidy:  Mostly  well  targeted 


A  FEW  WEEKS  ago  I  aired  my  worries  about  how 
the  broadband  funding  in  the  Federal  stimulus 
package  was  going  to  be  spent.  The  government 
has  now  released  documentation  on  that  part  of  the  package,  and  so  far 
things  look  mostly  OK. 

The government has set up a Web site that is designed to let organizations,
including states, apply for funding to support broadband deployment. And
there is money to be had. The stimulus bill allocated $7.2 billion and
directed the departments of Agriculture and Commerce to hand it out. (Your
tax dollars, or maybe your grandchild’s tax dollars, at work.)

The Broadband Initiatives Program (BIP) is run by the Department of
Agriculture’s Rural Utilities Service and the Broadband Technology
Opportunities Program (BTOP) is run by the Department of Commerce’s National
Telecommunications Information Administration (NTIA). The Web site includes
Notices of Funds Availability (a term that only Washington could have come up
with) for these programs. According to the Web site the BIP will make loans
and grants for broadband infrastructure projects in rural areas, and the BTOP
will provide grants to fund broadband infrastructure, public computer centers
and sustainable broadband adoption projects. There is also a separate
document to be used by states that want to get some of the money.

These  programs  require  that  the  money  go  to  Internet  connections  that 
meet  the  FCC  policy  statement  on  network  neutrality  and  do  not  favor 
any  lawful  Internet  applications  and  content  over  others  (see,  for  example, 
lines  615  to  629  of  the  non-state  program). 

The program does not prohibit all types of invasive behavior on the part of
the service provider but the provider is required to “describe any business
practices or technical mechanisms they employ, other than standard best
efforts Internet delivery, to allocate capacity; differentiate among
applications, providers or sources; limit usage; and manage illegal or
harmful content.” I guess it’s OK for a provider to do bad things as long as
they tell us that is what they are doing.

Of  course,  the  provider  must  support  wiretapping  and  can  make  use  of 
“reasonable  network  management.” 

There are a few things that are not quite what I would have done if I had
been in charge. One big problem is that the programs only talk about
“advertised speed” of the connection to the Internet rather than what speed a
user could reasonably expect to see. It does not take too much imagination to
see how that can be (will be?) abused. The minimum speed that is specified
(768Kbps downstream and 200Kbps upstream) is also very low in comparison to
what is offered elsewhere in the world.

Another problem is that our tax dollars can be used to create non-Internet
managed services (lines 634 to 637) as long as some Internet connectivity is
also provided. This is just what I was arguing against in a previous column —
my tax dollars should not be used to subsidize carriers creating non-Internet
services. At first blush, one might think that separate networks for public
safety would be a good idea, but in reality, all that such networks do is
create incompatible islands of connectivity. It would be far better if public
safety communications were IP- and Internet-based.

Disclaimer:  A  primary  aim  of  education  at  a  place  like  Harvard  is  to 
bridge  the  incompatible  islands  of  knowledge  students  have  or  acquire. 
But  the  university  has  not  provided  me  with  an  opinion  on  the  broadband 
stimulus  program,  so  the  above  is  my  own  review. 

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


EYEONTHECARRIERS  BY  JOHNA  TILL  JOHNSON 

When  private  and  business  data  collide 


I OFTEN ADVISE IT professionals of the need to step up to working with their
companies as strategic advisers around technology-related issues. This means
helping business folk understand the strategic and practical implications of
new technologies — and recommending policies that make sense in light of what
technology makes possible.

That’s  particularly  true  when  it  comes  to  technologies  such  as  social 
networking  and  communications.  Together  with  the  ongoing  blurring  of 
personal-professional  boundaries,  these  technologies  can  raise  interesting 
challenges  for  corporate  policies. 

Here’s an example: What rights, if any, does a company have over employee
identities? I’m talking about things such as personal photographs online at
social networking sites, and geographic whereabouts as revealed by cell phone
and online mapping databases.

Is it acceptable for a human resources department, for example, to check to
see if an employee with alcohol issues frequented a bar over the weekend?
(Read on for why this is a harder question than it seems.)

Or take the case of a man I met recently, who worked for a U.S. government
agency that oversees procurement and regulation in a particular area. (This
is not an agency that’s involved in homeland defense, or espionage, or
anything overtly “sensitive.”)

The  agency  explicitly  forbade  him  from  launching  a  Facebook  page,  or 
posting  photos  of  himself,  or  any  identifying  details  of  his  family,  including 
whereabouts,  online  anywhere  —  even  if  the  photos  were  purely  private 
and  had  nothing  to  do  with  his  official  duties. 

The reason? Folks under his agency’s regulation, or who hoped to sell to his
agency, might see the photos, figure out where he lived, engineer a chance
meeting — in line at a local Starbucks, for example — and thereby manage to
gain influence for their organizations. Because the agency was required to be
strictly neutral, in-person meetings (however unofficial) would be perceived
as favoring one organization over another.

The key point is that there were no overarching issues of national security
at stake — the agency required employees to give up certain rights simply to
ensure it could do its job more effectively.

Or  take  the  issue  of  location-tracking,  which  I  highlighted  above.  As 
most  techies  know,  cell  phone  companies  can  provide  up-to-the-minute 
information  about  a  customer’s  physical  whereabouts.  The  same  is  true 
for  certain  online  applications,  such  as  Google’s  Latitude,  which  tracks 
location  via  GPS. 

If  the  employer  provides  the  phone  —  or  mobile  application  —  to  that 
person,  what  right  does  it  have  to  that  information? 

That’s  a  question  nobody  seems  to  be  addressing  at  present  —  and  that  IT 
professionals  would  do  well  to  raise  with  their  organizations’  legal  teams. 
It’s  even  unclear  under  which  circumstances  this  information  must  be 
provided  to  state,  local  and  federal  governments.  The  Electronic  Frontier 
Foundation  and  the  American  Civil  Liberties  Union  have  filed  a  lawsuit 
against  the  Justice  Department  aimed  (in  part)  at  forcing  clarification  of 
these  issues. 

The bottom line? Social networking and communications technologies generate a
host of ethical dilemmas — and IT folks need to be ahead of the curve when it
comes to advising their organizations about the policy challenges they pose.

Johnson  is  president  and  senior  founding  partner  at  Nemertes 
Research,  an  independent  technology  research  firm.  She  can  be  reached 
at  johna@nemertes.com. 
TECHUPDATE

An  inside  look  at  technologies  and  standards 


Capacity  planning  for  Exchange 


BY  LEE  DUMAS 


Microsoft Exchange e-mail systems have emerged as the de facto communication
and collaboration tool for today’s organizations. However, keeping Exchange
running smoothly can be a headache, especially when capacity needs and
performance requirements conflict. Here are five capacity planning best
practices for optimizing the performance of your Exchange infrastructure.

Database and storage sizing: It is critical to start with an assessment of
whether you have enough space to store all the data. If a database logical
unit number (LUN) runs out of space, the connected databases will “dismount”.
Generally speaking, running out of disk space will result in an e-mail
service interruption that exceeds most organizations’ recovery time
objectives.

Next, limit the amount of data users are allowed to store in their mailboxes.
This helps to determine how many users each server can support. As users
approach their mailbox quota, an equivalent amount of mail must be deleted.
This forces growth to be split between the database dumpster and the mailbox.

Another important consideration is controlling database whitespace. Having
50% or more of whitespace will significantly slow performance, but it’s not a
problem when users are not near their mailbox quotas. To keep whitespace from
growing beyond appropriate limits, online maintenance must be able to
complete a full pass at least once per week. To accomplish this, enough time
must be allocated to enable online maintenance to run nightly.

While smaller databases are quicker to back up and restore than large
databases, you can minimize the complexity of the latter by limiting the
number of databases and LUNs to manage. Exchange 2007 can support a maximum
of 50 databases per server, and Microsoft recommends 200GB for each database.
However, since 200GB databases can be unwieldy and difficult to manage, using
100GB databases with continuous replication is a better option.

Planning for backup and restore: To limit data loss, it is best to perform a
full online backup every day. With Exchange 2007, administrators can perform
a streaming online backup to a disk or use the Volume ShadowCopy Service.
Because streaming online backup requires high throughput to copy data to/from
LUNs, it often requires very fast hardware to complete a backup within a few
hours. So while streaming backup is feasible, using the Volume ShadowCopy
Service (VSS) for backing up Exchange is more practical.

The VSS is used by Exchange 2007 to make volume shadow copies of databases
and transaction log files. It can take snapshots of either the production
copy or the passive copy. Taking VSS snapshots of the passive copy minimizes
the load on the production LUN during checksum integrity as well as the
subsequent copying to tape or to disk. This frees up time on the production
LUNs to run online maintenance.

Microsoft System Center Data Protection Manager (DPM) is an alternative
backup solution that works well with Exchange 2007. DPM can either save a VSS
copy of data immediately, or manually copy data to DPM volumes. Once DPM has
synchronized the entire Exchange database and transaction logs, it can make
an “Express Full” backup that updates only the changes. This results in a
much faster backup that is as reliable as a classic full backup.

Capacity planning for mobile devices: While mobile devices improve user
productivity they present a challenge to capacity planners because of their
resource requirements. For example, an average Research in Motion BlackBerry
Exchange user requires nearly four times the server performance as an
ordinary Exchange mailbox user.

Mobile devices also introduce a data control issue: you must know where all
Exchange Personal Store files are located for your entire organization, know
who regularly stores PSTs, and have a plan to control PST usage. The best
approach is to implement a PST control policy to document where these files
are stored. This should be addressed in the planning phase, because
uncontrolled content could create a problem in the event of legal discovery
or other proceedings.

Business continuity and disaster-recovery planning: To implement a business
continuity solution for Exchange it’s best to work backwards. First,
establish your service-level agreement (SLA) and determine how long your
organization can function without access to e-mail data. Next, calculate how
quickly you can restore from your chosen backup solution (disk or tape), and
design your solution around these variables. Don’t make the mistake of basing
your business continuity assumptions on disk size instead of the
organization’s disaster-recovery needs.

When making disaster-recovery planning decisions, figure out the Recovery
Time Objective (RTO) — that is, how long the business can function without
access to data in case of disaster. Also, determine how much of the overall
messaging solution might be negatively impacted by data loss, and conversely,
how much of the messaging project budget can be dedicated to business
continuity. This will help determine RTO, which normally spans one to 12
hours. As expected, solutions with shorter RTOs cost significantly more than
those with longer RTOs.

Test the solution by running a fire drill a few times each year by
replicating the restore process to make sure it works properly and quickly
enough. Assess whether the solution can meet the SLA time requirements of X
hours, document the results, and outline the steps required for a real-life
disaster-recovery operation.
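The sizing and restore arithmetic from the database-sizing, mobile-device and business-continuity sections can be carried through in one place. The following Python sketch is an added example, not code from the article or from Microsoft: the 50-database limit, the 100GB database size and the four-times BlackBerry load come from the text, while the dumpster and whitespace fractions, the per-server load budget, the restore throughput and the sample organization are assumptions to replace with your own measurements.

```python
import math
from dataclasses import dataclass

MAX_DATABASES_PER_SERVER = 50   # Exchange 2007 limit quoted in the article
BLACKBERRY_LOAD_FACTOR = 4      # article: "nearly four times" an ordinary user


@dataclass
class Plan:
    users: int                  # total mailboxes
    blackberry_users: int       # subset of users carrying a BlackBerry
    quota_gb: float             # enforced mailbox quota
    dumpster_fraction: float    # assumption: dumpster as a share of quota
    whitespace_fraction: float  # assumption: share of the database file that is whitespace
    load_units_per_server: int  # assumption: ordinary-user equivalents per server
    restore_gb_per_hour: float  # assumption: measure this in a restore drill
    rto_hours: float            # agreed recovery time objective
    db_limit_gb: float = 100.0  # database size the article suggests


def disk_gb_per_user(p: Plan) -> float:
    """Disk footprint of one mailbox at quota: quota plus dumpster, inflated by whitespace."""
    if not 0 <= p.whitespace_fraction < 1 or p.dumpster_fraction < 0:
        raise ValueError("fractions out of range")
    return p.quota_gb * (1 + p.dumpster_fraction) / (1 - p.whitespace_fraction)


def size(p: Plan) -> dict:
    """Return database count, server count and worst-case restore times."""
    if not 0 <= p.blackberry_users <= p.users:
        raise ValueError("blackberry_users must be between 0 and users")
    per_user = disk_gb_per_user(p)
    users_per_db = math.floor(p.db_limit_gb / per_user)
    if users_per_db < 1:
        raise ValueError("one mailbox at quota does not fit in a database")
    databases = math.ceil(p.users / users_per_db)

    # Two independent floors on the server count: database limit and load.
    load_units = (p.users - p.blackberry_users) + p.blackberry_users * BLACKBERRY_LOAD_FACTOR
    servers_by_db = math.ceil(databases / MAX_DATABASES_PER_SERVER)
    servers_by_load = math.ceil(load_units / p.load_units_per_server)
    servers = max(servers_by_db, servers_by_load, 1)

    # Worst case: every database is full, and one server's databases restore serially.
    db_hours = users_per_db * per_user / p.restore_gb_per_hour
    dbs_per_server = math.ceil(databases / servers)
    server_hours = dbs_per_server * db_hours
    return {
        "users_per_db": users_per_db,
        "databases": databases,
        "servers_by_db": servers_by_db,
        "servers_by_load": servers_by_load,
        "servers": servers,
        "dbs_per_server": dbs_per_server,
        "db_restore_hours": db_hours,
        "server_restore_hours": server_hours,
        "db_meets_rto": db_hours <= p.rto_hours,
        "server_meets_rto": server_hours <= p.rto_hours,
    }


def findings(p: Plan) -> list:
    """Turn the numbers into the planning statements the article asks for."""
    r = size(p)
    out = []
    if r["servers_by_load"] > r["servers_by_db"]:
        out.append("server count is set by load (mobile users), not by database count")
    if not r["db_meets_rto"]:
        out.append("a single database restore exceeds the RTO: shrink db_limit_gb")
    if not r["server_meets_rto"]:
        out.append("a full-server restore exceeds the RTO: plan on a replicated copy")
    return out


# Constructed sample organization; none of these figures come from the article.
SAMPLE = Plan(users=4000, blackberry_users=1000, quota_gb=2.0,
              dumpster_fraction=0.10, whitespace_fraction=0.20,
              load_units_per_server=2000, restore_gb_per_hour=150.0, rto_hours=4.0)

if __name__ == "__main__":
    for key, value in size(SAMPLE).items():
        print(f"{key}: {value}")
    for line in findings(SAMPLE):
        print("finding:", line)
```

With the sample figures a single database restores well inside the RTO, but restoring a whole server from backup does not, which is the case where the article's advice to pair 100GB databases with continuous replication applies.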

Compliance: archiving and journaling: There are three core purposes for
archiving: storage cost reduction, compliance and the creation of a
bottomless in-box experience for the user. A well-architected archiving
policy can save thousands of dollars in storage and licensing costs. For
compliance, this can be a high-impact feature for Exchange in order to adhere
to corporate and regulatory policies. It is critical to understand exactly
which regulations apply to e-mail within the organization, because proper
storage management (archiving, backup and journaling) can save time and legal
costs. While the bottomless in-box feature is nice to have from a user
perspective, it has little impact on business functionality.

Archive solutions — those that replace archived content with a stub reference
that has a reduced impact on performance — can help when used with proper
planning and design. While there have historically been problems associated
with archiving large-count mailboxes in Outlook, Outlook 2007 SP2 has
adequately addressed these problems. Archiving in Exchange is often as simple
as enabling message or envelope journaling, and then periodically moving the
journaling mailbox to an offline archive. Once the required retention period
has elapsed, purge the content to limit the strain on your resources.

Careful planning of the Exchange server environment will always pay valuable
dividends, particularly with regard to archiving and journaling. Using these
five best practices for Exchange will help maintain a balance between the
user experience, budget and legal/compliance requirements within an
organization, while significantly reducing e-mail service interruptions.

Dumas  is  director  of  architecture  for  Azaleos, 
a  provider  of  remote  management  services 
for  Exchange,  SharePoint  and  BlackBerry 
Enterprise  Server. 

This  vendor-written  tech  primer 
has  been  edited  by  Network  World 
to  eliminate  product  promotion, 
but  readers  should  note  it  will  likely 
favor  the  submitter’s  approach. 


GEARHEAD  BY  MARK  GIBBS 


Automating  anything  (on  Windows),  anywhere 


AUTOMATION  IN  IT  will  always  be  a  big  deal 
because  there’s  always  going  to  be  that  situation 
where  you  have  to  do  something  obnoxiously 
repetitive  such  as  grab  data  from  that  Web  page,  save  it  into  this  file,  load 
that  file  into  this  application,  format  the  data  this  way  and  e-mail  it  out  to  a 
list  of  people  and  do  that  entire  process  every  hour  during  the  day. 

There’s another benefit to automation that is often overlooked: accuracy. It
would be pretty much guaranteed that a person trying to do that eight times
per day, five days per week, 50 weeks per year would make mistakes. And
that’s the thing; mistakes cost money so automation not only reduces or
eliminates manpower costs, it saves the cost of ****ups.

Which brings me to today’s topic: Automation Anywhere Server (AAS) from
Tethys Solutions, an excellent product for automating just about anything
under Windows (Windows XP, Vista, 2008, 2003 and 2000 are supported) on your
network.

With the ability to create tasks that perform pretty much any automation
process you can think of involving interaction with Web browsers and
applications on Windows, optionally generate a distributable Windows
executable to run the task, a centralized server component, clients that can
work either connected or unconnected to the server, system-wide activity
logging, and built-in return on investment (ROI) tracking, Automation
Anywhere Server is a full-fledged, enterprise-oriented solution to
automation.

I was very impressed with AAS 6.0.3 (priced at $6,000). Among its huge
feature list AAS can send and receive e-mail, run tasks on schedules or
launched via events or “triggers”, run and track the use of VBS and
JavaScript scripts, and attempt to resolve platform differences with SMART
technology so that tasks execute correctly on different Windows versions and
different individual PCs.

This  SMART  technology  appears  to  mostly  work,  though  a  file  creation 
operation  that  worked  fine  on  Windows  2008  Server  failed  on  Windows 
Vista  Ultimate  because  of  Vista’s  enhanced  security. 

To  create  an  automation  task  there’s  the  Web  Recorder,  which  monitors 
your  browser’s  interactions  with  a  Web  site  and  creates  a  task  that  can  be 
edited  and  run.  The  only  situation  where  this  recording  technology  doesn’t 
work  is  when  a  Web  page  contains  ActiveX  controls.  Then  you  have  to 
manually  add  to  the  script  specific  mouse  actions. 

A  future  release  will  include  detection  of  interactions  with  ActiveX 
controls  and  will  automatically  add  the  mouse  actions  to  your  task.  You 
can  also  create  tasks  using  the  Object  Recorder,  which  understands  the 
broader  range  of  Windows  controls.  This  lets  you  create  tasks  that  will 
automate  any  application. 

An interesting feature of the task editor is the ability to record thumbnails
of browser and application screens when a task is run, which provides a
visual record that makes modifying a task weeks or months later somewhat
easier.

AAS’s ROI tracking examines a range of factors including task development and
debug time, documentation time, training, and the execution times of tasks
allowing AAS to report on what the tasks would have cost if humans had done
them.

There are a few aspects of AAS that could do with enhancement. For example, a
more granular user rights system would be useful as would expanded
documentation. What AAS excels at is the breadth and depth of its features
along with excellent support. I’ll give Tethys’ AAS a rating of 4.5 out of 5.

Gibbs  can  be  reached  at  gearhead@gibbs.com. 


COOLTOOLS  BY  KEITH  SHAW 


Hate  the  iPod?  Try  a  Zune,  or  SlotRadio 


Zune 8 features a built-in FM radio tuner.


IF  YOU  OWN  an  iPod  and  love  it,  stop  reading. 

But if you’re still in the market for a digital audio player, I’ve got two
other options that present digital music offerings differently than the
Apple/iPod/iTunes ecosystem.

The  scoop:  Zune  8,  by  Microsoft,  about  $140. 

What it is: Comparable to the Apple Nano players, the Zune 8 offers 8GB of
storage space, which Microsoft says can store as many as 2,000 songs, 25,000
pictures or 24 hours of videos (Zune players also come in 4GB, 16GB, 80GB and
120GB versions). In addition, the device features a built-in FM radio tuner
and Wi-Fi for connecting to the Zune Marketplace, for streaming music
directly to the device (with a Zune Pass subscription). The device offers a
1.8-inch color screen for viewing videos and photos, and three buttons allow
for most of the navigation (play/pause, back and “enter” for selecting,
moving up/down and volume control).

Why  it's  different  from  an  iPod:  For  $14.99  per  month,  you  get 
unlimited  access  to  more  than  4  million  songs.  Songs  can  be  downloaded 
to  the  Zune  software  on  a  PC,  and  instantly  synchronized  with  the  Zune 
player. 

I’ve been hesitant on music subscription services, as I don’t like the idea
of a recurring subscription in order to listen to music — I’d rather just buy
the CD, and then I have the “rights” to that music forever. But for other
people who might not have a huge music collection, this may make sense. In
testing (you can get a free 14-day trial of the service), I found myself
downloading more music that I would have never purchased, letting me
experience more music than I do on my iPod. For the music lover who wants to
experience more music than ever, a subscription makes sense.

Some  caveats:  Transferring  an  existing  music  library 
to  the  device  is  a  pain  if  your  music  collection  is  larger 
than  the  capacity  of  the  device  (in  my  case,  it  was). 
Grade:  ★★★★  (out  of  five). 

The  scoop:  SlotRadio  Player,  by  SanDisk,  about 
$100. 

What it is: A digital audio player that requires no downloads, CD burning or
subscriptions. Instead, you purchase slotRadio cards (microSD), which include
preloaded songs in a variety of categories. The unit comes with 1,000 songs
in seven categories: alternative, R&B/hip-hop, rock, contemporary, country,
workout and chill-out playlists. The device also includes a built-in FM
Radio. Additional cards with 1,000 more songs (including oldies, ‘80s & ‘90s
and so on) can be bought for $40.

Why  it’s  different  from  an  iPod:  I  have  a  neighbor  who  abhors 
the  thought  of  converting  her  CD  collection  onto  a  digital  audio  player, 
and  instead  wants  to  just  listen  to  music.  The  slotRadio  offers  as  many  as 
1,000  songs,  and  additional  cards  can  be  purchased  in  other  categories. 

Some  caveats:  There  are  some  limits.  Songs  can’t  be  rewound,  and  the 
playlists  can’t  be  rearranged.  You  can,  however,  skip  a  song.  You  can’t  copy 
the  songs  to  a  PC.  But  the  person  who  gets  one  of  these  won’t  want  those 
features  anyway  —  remember,  they  just  want  to  listen  to  music. 

Grade:  ★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 
CLEAR CHOICE TEST VIRTUAL DESKTOPS

Best  desktop  hypervisors 


Parallels Desktop for the Mac and VMware Fusion for Windows

BY TOM HENDERSON AND BRENDAN ALLEN

Desktop hypervisors offer companies a way to run multiple operating
systems, and the applications tied to them, on a single client
machine. Common use cases would be support staff, help
desk and software development in a multi-operating system
environment, or users with a specific business requirement to
run a foreign operating system application.

We tested desktop hypervisors from Parallels, VMware, Oracle/Sun
and Microsoft on both Windows and Mac hosts. Our guest operating
systems were Ubuntu Desktop 8.10 and Windows XP SP3.

Parallels won our overall performance tests on both Mac and Windows
platforms. And Parallels Desktop is our Clear Choice Test winner for Mac
desktop virtualization. However, Parallels Workstation for Windows is a
less evolved product, particularly when it comes to application sharing
and guest virtual machine (VM) integration.

VMware’s products are strong on both platforms. VMware Fusion
(Mac) came in second by a whisker to Parallels, and VMware Workstation
wins our Clear Choice Test for best desktop hypervisor for Windows
machines.

Oracle/Sun’s open source VirtualBox had decent performance numbers,
but is more limited in its application execution capabilities between
host and guest VMs, and is more difficult to use overall.

Microsoft’s VirtualPC for Mac is no longer supported so we didn’t test
it. VirtualPC is destined to be the hypervisor that will enable Windows 7
to support Windows XP guests, but Microsoft doesn’t seem interested in
supporting non-Microsoft guests on Windows machines.

NETRESULTS

Product: Parallels Desktop 4.0.3844 for Mac
Vendor: Parallels Computing, www.parallels.com
Price: $80
Pros: Excellent guest operating system/application integration; great performance, many features.
Cons: Controlled features sometimes obscure.
Score: 4.4

Product: Parallels Workstation 2.2 for Windows
Vendor: Parallels Computing, www.parallels.com
Price: $50
Pros: Good performance.
Cons: A shadow of Parallels Mac version; lacks competitive features.
Score: 2.9

Product: VMware Fusion 2.0.4 for Mac
Vendor: VMware, www.vmware.com
Price: $80
Pros: Well integrated with OS, full screen multiple-monitor capabilities, good performance.
Cons: Some features not easy to get at.
Score: 4.4

Product: VMware Workstation 6.5 for Windows
Vendor: VMware, www.vmware.com
Price: $189
Pros: Best integration, full featured, fast.
Cons: Dual display not easy to use.
Score: 4.1

Product: VirtualBox 2.2 for Mac
Vendor: Oracle/Sun, www.sun.com/software/products/virtualbox/get.jsp
Price: Free download.
Pros: Reasonable performer, free iSCSI support for virtual hard disks.
Cons: Weak integration with host operating system and hardware, buggy.
Score: 3

SCORECARD

| Action | Weight | Parallels Desktop 4.0.3844 for Mac | VMware Fusion 2.0.4 for Mac | VMware Workstation 6.5 for Windows | VirtualBox 2.2 for Mac |
|---|---|---|---|---|---|
| Application sharing | 25% | 4.5 | 4.5 | 4 | 2 |
| Guest VM integration | 25% | 4.5 | 4.5 | 4 | 2.5 |
| Hardware integration | 25% | 4.25 | 4.5 | 4.5 | 3.5 |
| Performance | 25% | 4.5 | 4 | 4 | 4 |
| Total score | | 4.44 | 4.4 | 4.1 | 3 |

SCORING KEY: 5: EXCEPTIONAL; 4: VERY GOOD; 3: AVERAGE; 2: BELOW AVERAGE; 1: SUBPAR OR NOT AVAILABLE

Installation 

We  installed  a  desktop  virtualization  application  on  the  host  operating 
system,  and  then  installed  a  legally  licensed  copy  of  either  Windows  XP  or 
Ubuntu  Desktop.  For  convenience,  you  can  use  a  disk  image  file  (we  did)  or 
a  vendor’s  CD/DVD  of  the  operating  system. 

Some of the desktop hypervisor products “recognized” that the guest
to be installed was Windows XP or Ubuntu and made automatic adjustments
to accommodate various features between host and guest VM. This
allowed us to make rapid default choices, such as how the guest operating
system’s disk storage would be made (and/or emulated), and how the
native and guest operating systems might interact.

These  interactions  might  be  something  as  simple  as  shared  folders 
among  native  and  guest  operating  systems,  or  as  sophisticated  as  being 
able  to  present  applications  as  though  they  were  “native”  (while  actually 
resident  on  the  ‘other’  operating  system). 

To match our business cases, we tested each hypervisor with Microsoft
Windows XP (32-bit) because of its popularity with Mac users. We also
tested with Ubuntu Linux 8.10 (32-bit and 64-bit) to check support for
Linux in general and to also have a 64-bit test to add to the mix.

NETRESULTS (continued)

Product: VirtualBox 2.2 for Windows
Vendor: Oracle/Sun, www.sun.com/software/products/virtualbox/get.jsp
Price: Free download.
Pros: Free, iSCSI support for virtual hard disks.
Cons: Flaky USB support.
Score: 2.9

Product: VirtualPC 7.0
Vendor: Microsoft, www.microsoft.com/virtualization
Price: Free download.
Pros: Good Windows guest integration.
Cons: Strictly Windows-focused; lacks many pieces of hardware integration.
Score: 1.9

SCORECARD (continued)

| Action | Parallels Workstation 2.2 for Windows | VirtualBox 2.2 for Windows | VirtualPC 7.0 |
|---|---|---|---|
| Application sharing | 2 | 2 | 1 |
| Guest VM integration | 2.5 | 2.5 | 2.5 |
| Hardware integration | 3 | 3.5 | 1.5 |
| Performance | 4 | 3.5 | 2.5 |
| Total score | 2.9 | 2.9 | 1.9 |

We  tested  each  hypervisor  to  compare  features  such  as  mirrored  host/ 
guest  folders,  application  sharing,  seamless  presentation  of  guest/host 
applications  and  importing  VMs  from  other  hypervisors. 

We discovered that the installation of each of the hypervisors was simple,
and options for subsequent use plentiful.

VMware Fusion and Parallels Desktop include some extra applications
to work with Windows XP or Vista VMs, and each includes optional antivirus
software (McAfee VirusScan Plus for Fusion and Parallels Internet
Security powered by Kaspersky for Parallels).

The security tools provided by Parallels also include a firewall and spam
filter. Parallels also includes licenses for Acronis True Image Home and
Disk Director Suite to help with backups and Windows optimizations, but
these are a separate download. These tools and extras weren’t tested.

Gauging  performance 

We  tested  performance  using  two  Java-based  benchmarks.  SPEC’s 
SPECjbb2005  is  a  business-based  benchmark  that  emulates  a  warehouse 
tracking  application,  uses  no  network  I/O  and  little  disk  I/O.  Instead,  it’s  a 
better  gauge  of  memory  allocation,  task  forking  and  CPU  muscle  that’s  not 
affected  by  external  (to  the  system  under  test)  I/O. 

The  second  benchmark  used  was  SPECjvm2008,  which  touches 
numerous  elements  of  performance  and  can  be  considered  a  better  way 
of  comparing  desktop  rather  than  server  functionality  through  a  series 
of  discrete  benchmarks  that  are  run  consecutively.  We  used  three  of  the 
suite’s  benchmarks:  crypto,  mpegaudio  and  xml. 

The  results  showed  that  when  Ubuntu  Linux  was  the  guest  operating 
system,  VMware  Fusion  beat  Parallels.  But  Parallels  returned  the  favor 
when  Windows  XP  was  the  guest.  The  results  were  close,  and  VirtualBox 
also  did  well. 

Overall,  Parallels  Desktop  was  the  performance  winner,  followed  closely 
by  VMware  Fusion  and  VirtualBox.  These  results  are  based  on  the  default 
settings,  and  it’s  possible  to  increase  performance  in  any  number  of  ways, 
which  we  didn’t  do. 

Conclusion 

Mac users were the first to express a strong need to use Windows applications,
and this early demand is reflected in the fact that the Mac-based
desktop hypervisors are generally more mature than those for Microsoft’s
Windows XP.

VMware is the most consistent and feature-filled product on both Mac
and Windows host platforms. Parallels was tops on Macs and an excellent
performer. We can’t recommend VirtualBox to the average user, and
we can’t recommend VirtualPC unless your installations will be homogeneously
Microsoft Windows-based.

Henderson  and  Allen  are  researchers  for  ExtremeLabs  in  Indianapolis. 
Contact  them  at  kitchen-sink@extremelabs.com. 


Don’t  forget  the  Macs 

Go online for reviews of desktop virtualization
tools for the Mac platform:

■ Parallels Desktop 4.0

■ VMware Fusion 2.0.4

■ Virtual Box 2.2.2
http://tinyurl.com/mx2k4h
Parallels Workstation 2.2 for Windows

A  less  mature  version  of  Parallels’  Mac-based  virtualization  tool 


Parallels Workstation for Windows is a lesser product than Parallels
on Mac. It lacks support for 64-bit guests, including 64-bit
Windows XP or Vista. There is none of the handy snapshot support
offered in the Mac, and only one virtual CPU is offered.
Because of this, we were only able to test Windows 32-bit and
not Vista 64-bit. PW 2.2 also lacks tools (integration support) for Ubuntu,
although other guests are supported.

Networking support is offered via either bridged networking to existing
Windows drivers (some call this ‘shim’ support) or independent host-only
networking via its own Parallels network driver. Other support includes
USB 1.1 support for various devices. A limitation on USB 2.0+ devices
caused some problems, however.

Unfortunately,  there  are  no  desktop/application  integration  modes 
available.  Guest  VMs  are  largely  autonomous  from  their  hosts,  except 
when  the  guest  can  launch  an  application  from  folder  sharing  —  a  decided 
disadvantage,  and  one  that  makes  it  tougher  for  the  average  user  to  deploy 
for  everyday  guest  application/operating  systems  integration. 

Installation  of  guest  operating  systems  offered  us  limited  choices.  For 
example,  when  installing  guest  VMs,  the  default  RAM  offered  was  a  bit 
low  (256MB  for  Windows  XP  and  Ubuntu).  We  could,  however,  clone 
VMs  for  distribution  or  reuse  or  for  versioning  of  guest  VMs  (all  subject  to 
adequate  licensing,  of  course). 

Having no tools/specific integration offered for Ubuntu 8.10 meant no
shared folders or enhanced drivers were available, unlike the high integration
Parallels offers for Mac platforms. And although USB and Bluetooth
worked, the USB camera did not. With USB integration, we were able to
pair our phones via Bluetooth, and send and receive files on our sample
phone. Yet the camera wouldn’t display an image, although it was detected;
natively, Ubuntu can find the camera and make it work.

A fingerprint reader that was built in to the smaller HP we tested with
wasn’t able to be virtualized, although it could be read by each operating
system when it was native, rather than a guest. We were perplexed. The
final insult was that with Ubuntu (or XP, below), Parallels popped up with
the same cryptic error message. Ubuntu also wouldn’t shut down properly;
we had to manually stop it after shutting it down using the Parallels
Workstation stop button.

Installation  of  XP  was  done  manually;  there  are  no  “greased”  settings  for 
it,  unlike  the  Mac  version.  We  still  needed  to  install  Windows  drivers  for 
USB  components  and  they  worked  well.  Our  Bluetooth  test  worked  well, 
and  we  paired  quickly  and  sent  files  back  and  forth  to  our  test  cell  phone. 
The  USB  camera  was  detected,  but  didn’t  work  as  it’s  a  USB  2.0  device,  and 
there’s  not  enough  driver  bandwidth  available  for  it  —  USB  1.1  only. 

Shared  folders  were  easy  to  set  up  between  host  and  guest  VM,  but  the 
level  of  application  integration  between  host  and  guest  is  comparatively 
missing. 

Overall, there’s much less to tell about Parallels Workstation for Windows
because there’s far less there than the Mac version. Parallels has
announced a new highly sophisticated version for Windows, but it wasn’t
available for testing. The version we tested works OK, but is a far cry from
the Mac version. ■


Desktop  virtualization  performance  results 

We  ran  two  sets  of  Java-based  benchmarks  (SPECjbb2005  and  SPECjvm2008).  The  numbers 
represent  operations  per  second.  The  number  listed  is  an  average  of  two  runs. 


TEST  #1:  This  was  a  warehouse  tracking  application  that  was  run  on  an  HP  EliteBook  running  Windows  Vista 
as  a  host  operating  system.  The  guest  operating  systems  were  either  Ubuntu  or  Windows  XP. 


| Hypervisor | Ubuntu guest | XP guest |
|---|---|---|
| VMware | 8793.5 | 8024.5 |
| Sun VirtualBox | 7610 | 7884.5 |
| Parallels Workstation | 6384.5 | 7881.5 |
| Microsoft VirtualPC | 863 | 7778 |

TEST  #2  (MAC):  This  test  was  run  on  a  MacBook  Pro  as  the  host. 


| Hypervisor | Ubuntu guest | XP guest |
|---|---|---|
| VMware | 21567 | 14024 |
| Sun VirtualBox | 16736 | 17390 |
| Parallels Workstation | 27414 | 26763 |
| Microsoft VirtualPC | (not supported) | (not supported) |

TEST  #3  (SPECJVM2008)  (WINDOWS):  This  test  measured  performance  across  three  benchmarks, 
crypto,  mpegaudio  and  xml.  For  space  reasons,  we’re  only  showing  the  xml  results. 


| Hypervisor | Ubuntu guest | XP guest |
|---|---|---|
| VMware | 26.91 | 16.29 |
| Sun VirtualBox | 25.17 | 16.93 |
| Parallels Workstation | 27.71 | 16.9 |
| Microsoft VirtualPC | 7.95 | 17.09 |

TEST  #4:  A  MacBook  Pro  is  the  host  machine. 


| Hypervisor | Ubuntu guest | XP guest |
|---|---|---|
| VMware | 49.45 | 33.43 |
| Sun VirtualBox | 48.97 | 33.89 |
| Parallels Workstation | 50.06 | 49.38 |
| Microsoft VirtualPC | (not supported) | (not supported) |

Go  online  for  complete  results  at  http://tinyurl.com/m2oy79 
VMware Workstation for Windows


Fast,  full-featured,  well-integrated 

We found VMware Workstation for Windows to be quite a bit
more advanced than its competition. The product has the
USB 2.0 support missing from Parallels, and has a unity
mode that’s similar to the one VMware implements on
Fusion for Mac.

Like VirtualBox on Windows, VMware Workstation can also be connected
using remote display techniques such as VNC. And more interestingly,
you can use two or more monitors if your hardware supports this.

Snapshots, including nested snapshots, worked similarly to VMware’s
Fusion product. Nesting snapshots let us perform rollbacks to previous
versions of the guest operating system — useful for testing and tech support
applications of VMware Workstation.

Because  USB  2.0  is  supported,  we  could  capture  movies  in  Windows  XP 
and  Ubuntu  as  guest  virtual  machines  (VM).  The  video  speed  was  very 
good  at  both  capturing  and  replay. 

Running  XP  guests 

Running a Windows XP guest on Windows XP might seem strange,
but it’s frequently done for many reasons. VMware Workstation, like
the VMware Mac version, readily makes “greased” settings for Windows
XP and it was a breeze. We did, however, have to install Bluetooth drivers,
because the default representation to a guest machine doesn’t include
native machine Bluetooth resources in hardware discovery. But we also had
great success (after driver installation) with the Webcam. VMware passed
the Bluetooth test very well — and delivered the highest speed transfer of
all of the combinations we tested, perhaps owing to the expanded USB 2.0+
device support.

The  VMware  unity  mode  worked  similarly  to  the  Mac  version,  where 
guest  VM  applications  were  presented  natively.  However,  we  had  to  use  a 
key-combo  to  switch  to  them,  unlike  the  more  native  feel  of  the  Mac  version. 
Sharing  folders  took  a  little  more  work. 

There were two ways to share folders in Workstation. One was the older
method that required us to map shares as though they were Server Message
Block shares. This meant mapping drives through universal naming
convention nomenclature like \\host\Shared folders\share_name. The second
option was simpler. By checking the option “Map as network drive in
Windows guests”, we were able to see the share directly in My Computer.
Dragging and dropping files between XP and XP guest worked simply.

The dual display option worked OK in full-screen mode, but only in
certain configurations. The default is where the external display is to the
right or bottom of the main display in the host operating system display
properties.

We tried setting it in different locations (external display set above or
to the left) but VMware had a message that said: “The current arrangement
of monitors is not supported.” Also, trying to change display settings
(resolution or position) within the guest operating system should not be
attempted as the screens become mangled between the two displays
(similar to Fusion).

Running  Ubuntu  guests 

Ubuntu  installation  is  supported  like  XP  -  predefined  selections  made 
installation  simple.  By  adding  an  application  called  obextool  (obex  means 
object  exchange  in  Bluetooth-speak),  we  were  able  to  pair  our  test  phone 
and  move  data  back  and  forth,  but  only  at  about  2Kbps  —  much  slower 
than  under  Windows  XP-XP  host/guest  combinations  we  tested.  We  were 
also  able  to  connect  to  the  Webcam  and  other  devices,  but  weren’t  able  to 
use  the  Webcam;  other  USB  devices  worked  handily. 

VMware’s unity mode for Linux is experimental, yet worked for us in
our limited testing. Unlike VirtualBox for Windows, VMware Workstation
displays the running applications in the host operating system taskbar.
When first entering unity, a small start menu-like apparatus is displayed
in the lower left corner just above the host operating system start menu.
This menu had a list of Ubuntu’s applications (similar to the main Ubuntu
menu). The problem with this applications selection menu is that it disappeared
when we switched to any other application. Just switching back to
Workstation does not redisplay it. Maddeningly, a key combination must
be entered to show it again, each time you want to use it.

VMware Workstation guest tools are installed through a script from
an attached virtual ISO. The tools are compiled and then inserted into the
Linux kernel on the Ubuntu guest. The only problem we had was that if
you set the Ubuntu guest to autologin, then the VMware-user start-up program
does not run upon boot. Therefore, we had to start it manually.

Host/guest  shared  folders  were  mounted  under  /mnt/hgfs  and  they 
worked  as  expected.  Drag  and  drop  between  host  and  guest  worked,  except 
it  wouldn’t  drop  to  the  desktop,  so  we  had  to  have  a  FileManager  window 
open  to  do  this. 

Dual displays worked the same way as the Windows XP guest VM (automatically
detecting it in full-screen mode), which also included the same
limitations (the external display had to be positioned to the right or bottom
of the main display).

Of the four Windows-based desktop hypervisors we tested, VMware’s
was the most integrated, and is the one most likely to be recommended for
users who need to host a guest operating system — especially for Windows
XP rehosting, as it’s fast, and has a high common denominator feature
set. ■

How  we  tested  desktop  virtualization 

On  the  Mac  side,  we  used  a  MacBook  laptop  with  a  2.2GHz 
Core  2  Duo.  It  had  144MB  virtual  RAM  (integrated  Intel 
Graphics  chip)  shared  with  3GB  of  dynamic  RAM.  We 
also  checked  graphics  and  features  on  a  MacBook  Pro. 
Each  guest  operating  system  and  virtual  machine  was 
assigned  768MB  of  RAM  and  128MB  of  VRAM  where  available 
(VMware’s  Fusion  automatically  assigned  128MB  of  VRAM, 
although  there  didn’t  seem  to  be  an  option  to  change  the  amount). 

For the Windows XP/Vista host testing, we used an HP EliteBook
2530p with 3GB RAM, a 1.86GHz Intel Core2 Duo and an older
HP Pavilion DV9000 (2.33GHz Core Duo, 4GB DRAM, internal
200GB hard disk). We assigned Windows XP and Ubuntu guests a
pre-allocated 8GB and 6GB disk space, respectively. We performed
multiple tests with one virtual CPU. Because Virtual Box didn’t
support multiple vCPUs, we didn’t test them.

Parallels supports as many as four vCPUs (eight experimentally)
and Fusion supports as many as two (four experimentally).

We  could  not  set  more  CPUs  than  our  computer  had.  Also,  our 
SPECjbb2005  benchmark  had  a  time  drift  problem  with  Parallels. 

The  problem  arose  from  an  option  in  Parallels  that  syncs  host  time 
with  Mac  OS  X  time.  Turning  that  off  solved  the  problem,  and  our 
results  reflect  accurate  timing. 

We  tested  the  environment  with  just  the  VM  running,  meaning 
no additional applications were loaded (besides the Finder and
other background services).
CLEAR CHOICE TEST DESKTOP VIRTUALIZATION

Virtual  Box  2.2  For  Windows 

Lacks  sophistication,  but  has  some  cool  features 


VirtualBox for Windows was comparatively primitive, but had
some interesting features. There are some show-stoppers that
will prevent most from wanting to use it, however.

The first problem is that there’s no drag-and-drop of files/
folders between a host and guest virtual machines (VM). This
forces copies between host and guest through CLIs. Systems professionals
may not mind, but the help desk switchboard will light up if
civilians try it.

USB  support  was  horrendous.  When  it  worked,  it  worked  OK.  Of 
the  upsides,  it’s  possible  to  run  guest  VMs  in  the  background,  and 
no  matter  what  they  are,  they  can  be  accessed  via  Remote  Desktop 
Protocol.  This  worked  for  all  the  guests  we  tested.  Virtual  Box  also 
has  ‘seamless  mode,’  which  allows  the  VM  to  be  integrated  more  into 
the  desktop  operating  system  and  hides  the  guest  VM’s  background 
for  application  use. 

Virtual Box installed guests without special settings help that’s specific
to the guest operating system version, and recommends a comparatively
low amount of memory (192MB for Windows XP and 384MB
for Ubuntu). And although there’s no dual-display support in guests,
it’s possible to run the VM full screen on an external monitor.

And  although  iSCSI  support  is  not  available  in  the  GUI,  it  is  available 
from  the  VBoxManage.exe  command-line  application.  This  worked 
well,  and  we  were  able  to  use  an  iSCSI  disk  as  a  boot  device  and  could 
install  a  guest  VM  on  it.  We  could  also  create  guest  snapshots,  and 
restore  them  to  Windows  XP  and  Ubuntu. 

Running  XP  guest 

Windows XP ran normally, and we had no problems installing it.
VirtualBox-installed drivers worked fine, although we had some problems
with USB support. As an example, upon the first time connecting
a USB device, Virtual Box would install a Windows driver, then it would
not capture this event and it would say ‘not supported.’ If we tried to
connect the device again, the VM would freeze and we would have to
kill all the VirtualBox processes and start again. This happened when
the host was Windows Vista or XP.

Bluetooth, Web camera and fingerprint reader weren’t recognized
at first, but after rebooting the host operating system (after first having
tried to connect the Bluetooth to the VM), we were able to get the
XP VM to see the Bluetooth module. It was necessary to download the
Bluetooth and other drivers for our hardware to make them recognized;
then we were able to use them. Unfortunately, when trying to connect to
the camera, XP gave an error message about too much USB bandwidth
usage and was unable to show a picture. We disconnected other devices
and tried again, but it never worked.

Shared folders weren’t easy to find. As an example, typing a share
name directly (example: \\vboxsvr\sharename) didn’t work, but browsing
to it did (which showed the same address when typing directly).

Under  seamless  mode,  the  guest  Start  menu  is  displayed  just  above 
the  host  Start  menu,  so  it  looks  like  there  are  two  start  menus.  With 
Vista  as  a  host,  it’s  pretty  easy  to  tell  the  difference,  but  when  running 
XP  within  XP,  it  looks  like  two  start  menus  on  top  of  each  other. 

Running Ubuntu guest

Like the Windows XP and Vista installation, Ubuntu installed into
VirtualBox 2.2 without any difficulties. The VirtualBox tools (actually
drivers) easily installed and compiled as a Linux script. Our Bluetooth
pairing and file movement test passed. The USB devices were recognized,
but our USB cam didn’t work, similar to what happened in XP.
Our small HP notebook’s fingerprint reader device doesn’t have drivers
for Ubuntu, so it couldn’t be detected or tested.


The  Ubuntu  Seamless  mode  worked  similarly  to  how  Windows  XP 
hosts  Windows.  Moving  hosted  windows  around  by  dragging  them 
proved  choppy  and  somewhat  difficult,  also  showing  remnants  of  the 
Ubuntu  desktop  background.  But  otherwise  it  worked  well.  Sharing 
folders  required  us  to  use  the  Linux  mount  command,  but  instructions 
are  given. 

VirtualBox  for  Windows  is  similar  in  functionality  to  the  VirtualBox 
Mac  version  and  it’s  reasonable  for  systems  professionals,  but  civilians 
won’t  be  happy.  We  were  impressed  by  the  seamless  mode,  but  this  is  a 
free  project,  and  it  needs  work.  ■ 


Microsoft’s  Virtual  PC  7.0 

Designed  for  a  Windows-only  world 

Microsoft’s VirtualPC was once available for Macs and Windows,
but now is only available and supported for Windows-based
hosts. There are no guest tools available for other operating
systems, and all other operating systems are installed as
“other”. There’s no 64-bit guest virtual machine (VM) support,
although there is a 64-bit version of Virtual PC.

If  you  want  USB  support,  forget  it  because  it’s  not  available.  There  is  no 
snapshot  support.  You  can  get  a  full-screen  view  of  guest  operating  VMs, 
but  there  are  no  integrated  views.  It’s  possible  to  use  an  external  monitor 
for  the  guest,  if  you  simply  must. 

Guest  installations  have  no  “greased”  or  enlightened  settings,  even 
for  Windows  guests.  We  found  the  installation  to  be  the  equivalent  of  a 
native  installation  for  the  Ubuntu  guests  we  tried,  but  the  recommended 
amount  of  memory  can  be  weak  (example:  recommended  is  128MB  for 
Windows  XP). 

Running  Ubuntu  guests 

Installing Ubuntu required changing some of the boot options, as we
needed to use safe-mode graphics and also specify the ‘noapic’ option;
otherwise, no installation was possible (rather, booting the installation CD
was impossible).

There were no Linux operating system choices available when installing;
by contrast, there were quite a few Windows versions listed and then
there was “other”. Sound card support was unavailable, performance was
slow and networking worked. Interaction by mounting file systems was
absent unless we used Windows and SAMBA peer networking as though
they were two entirely separate machines.

Running  Windows  XP  guests 

As  mentioned,  Windows  guests  are  welcome  here.  We  found  drag  and 
drop  file/folder  movement  worked  well  between  Windows  XP  guests  on 
hosts  of  Windows  Vista/XP.  Shared  folders  aren’t  required. 

Windows  guest  tools  worked  well  to  boost  performance  and  enabled 
shared  folders  to  work  with  no  problems.  The  share  folder  was  mounted 
as  a  drive  in  Windows.  Still,  guests  had  no  access  to  native  sound  cards,  any 
kind  of  USB  devices  and  most  other  native  host  hardware. 

Applications interaction is still separate-but-equal, with 32-bit application
execution possible if the operating environment (host or guest) allows
it. You can run Vista-only applications in a Vista guest, but you can’t launch
them from XP and expect them to work — they only launch when executed
from the guest. It’s primitive, and we expected more. ■
■ IPv6, from page 1

director for the North American IPv6 Task Force
and an HP Distinguished Technologist. “You
can’t ignore IPv6. You need to take the minimum
steps to secure your perimeter. You need
firewalls that understand IPv4 and IPv6. You
need network management tools that understand
IPv4 and IPv6.”

“Although they’re not thinking about IPv6,
for most of the Fortune 500, it’s in their networks
anyways,” agrees Dave West, director of
systems engineering for Cisco’s public sector
group. “You may not see IPv6 today as a business
driver. But like it or not, you are running
IPv6 in your network.”

IPv6  is  the  long-anticipated  upgrade  to  the 
Internet’s  main  communications  protocol, 
known  as  IPv4.  IPv6  features  vastly  more 
address  space,  built-in  security  and  enhanced 
support  for  streaming  media  and  peer-to-peer 
applications.  Available  for  a  decade,  IPv6  has 
been  slow  to  catch  on  in  the  United  States.  Now 
that  unallocated  IPv4  addresses  are  expected  to 
run  out  in  2011,  the  pressure  is  on  U.S.  carriers 
and  corporations  to  deploy  IPv6  in  the  next  few 
years. 

IPv6-based  threats  are  not  well  understood, 
but  they  are  becoming  more  prominent.  For 
example,  the  issue  of  IPv6-based  attacks  was 
raised  at  a  June  meeting  of  the  National  Security 
Telecommunications  Advisory  Committee,  a 
high-level  industry  group  that  advises  the  White 
House  about  cybersecurity. 

“We are seeing quite a bit of command and control traffic that is
IPv6,” says Jason Schiller, senior Internet network engineer, global
IP network engineering for the public IP network at Verizon Business.
“Hackers are trying to leverage IPv6 to fly under the radar. We’re
seeing a lot of bot networks where the command and control is under
IPv6. We’re also seeing illegal file sharing that leverages IPv6 for
peer-to-peer communications.”

Rogue IPv6 traffic is an emerging threat for network managers. The
biggest risk is for organizations that have decided to delay IPv6
deployment because they don’t see a business driver for the upgrade —
a category that includes most U.S. corporations.

U.S. federal agencies are in a better position to protect themselves
against IPv6-based threats because they have enabled IPv6 across their
backbone networks. Federal agencies are moving ahead with plans to
integrate IPv6 into their enterprise architectures and capital
investments.

Rogue IPv6 traffic “is a very real threat,” says Sheila Frankel, a
computer scientist in the Computer Security Division of the National
Institute of Standards and Technology (NIST).

“People can have IPv6 running on their networks and not know it.
Computers and other devices can ship with IPv6 turned on. Ideally, if
you’re not prepared to protect against IPv6, it should be turned off
for all the devices on your network. You need to be prepared to block
it at your perimeter. You want to block it coming in and going out,”
Frankel says.

Frankel  recommends  that  organizations  that 
don’t  want  to  run  IPv6  in  production  mode  buy 
firewalls  and  intrusion-prevention  systems 
(IPS)  that  can  block  both  native  and  tunneled 
IPv6  traffic. 

“You  should  be  blocking  not  only  pure  IPv6 
traffic  but  also  IPv6  traffic  tunneled  inside  of 
other  traffic,”  he  says.  “Network  operators  have 
to  be  aware  of  the  ways  IPv6  would  normally 
be  tunneled  in  IPv4  traffic  and  in  the  different 
types  of  transition  mechanisms,  and  they  have 
to  become  aware  of  the  rules  necessary  to  block 
these  various  classes  of  traffic.” 

Where  does  rogue  IPv6  traffic  come  from? 

IPv6  traffic  gets  on  your  network  because  many 
operating  systems  —  including  Microsoft  Vista, 
Windows  Server  2008,  Mac  OS  X,  Linux  and 
Solaris  —  ship  with  IPv6  enabled  by  default. 
Network  managers  have  to  disable  IPv6  on 
every  device  installed  on  their  networks  or  these 
devices  can  receive  and  send  IPv6  traffic. 

“We’re  probably  talking  about  300  million 
systems  that  have  IPv6  enabled  by  default,” 
estimates  Joe  Klein,  director  of  IPv6  Security  at 
Command  Information,  an  IPv6  consultancy. 
“We  see  this  as  a  big  risk.” 

Experts say it’s likely that network managers will forget to change
the IPv6 default settings on some desktop, server or mobile devices on
their networks. At the same time, most organizations have IPv4-based
firewalls and network management tools that don’t automatically block
IPv6 traffic coming into their networks.

Enabling IPv6

Hundreds of millions of network devices are shipping with IPv6 enabled
by default:

378 million 3G SIM cards sold in 2008
180 million Microsoft Vista systems sold as of July 2008
37 million IPTV subscribers estimated for 2009
2 million Mac OS X systems shipped in Q1 2009

Total: 597 million

SOURCE: COMMAND INFORMATION

“The  most  common  IPv6-based  attacks 
that  we’re  seeing  right  now  are  when  you  have 
devices  on  the  edge  of  your  network  that  are 
dual  stack,  which  means  they’re  running  IPv4 
and  IPv6.  If  you  only  have  an  IPv4  firewall, 
you  can  have  IPv6  running  between  you  and 
the  attacker,”  Klein  says.  “The  attacker  is  going 
through  your  firewall  via  IPv6,  which  at  that 
point  is  wide  open.” 

Another common problem is IPv6 traffic tunneled over IPv4 using such
techniques as Teredo, which is supported by Microsoft, or the
alternative 6to4 and Intra-Site Automatic Tunnel Addressing Protocol
(ISATAP) approaches.

“The  typical  IPv4  security  devices  are  not 
tuned  to  look  for  IPv6  tunnels,”  Klein  says. 
“They  offer  very  weak  defense,  which  is  kind  of 
scary.” 

Klein says the only way network managers can discover IPv6 devices on
their network is to run IPv6. Even then, it’s extremely difficult to
discover IPv6 tunnels.

“You might be able to find the top three tunnels but not all the other
sub-tunnels,” Klein says. “You can tunnel IPv6 over HTTP over IPv4.
How are you going to find that?”

To battle these threats, Command Information is offering software
called Assure6, which operates in conjunction with deep packet
inspection systems to identify IPv6 traffic tunneled over IPv4.
Similarly, the McAfee Network Security Platform offers full IPv6 and
tunnel inspection. Cisco and Juniper offer IPv6-enabled routers,
firewalls and other systems that let network managers set IPv6-related
security policies.

Klein  says  he  gets  one  or  two  calls  a  month 
from  organizations  that  have  been  attacked 
through  rogue  IPv6  traffic. 

“One  of  our  honeypots  that  we  have  set  up  saw 
a  botnet  using  an  IPv6-only  attack,”  Klein  says. 
“It  was  hiding  itself  as  IPv4  through  our  router, 
and  it  was  attacking  and  issuing  command  and 
controls  to  a  botnet  in  the  Far  East.” 

The number of IPv6 attacks is small but growing, LeMaster says.

“There are fewer people that have IPv6 enabled, so it’s not as rich a
target as IPv4,” LeMaster adds. “The majority of the vulnerabilities
are over HTTP. They’re application related, where IPv6 is just the
transport for those security concerns.”

Frankel  says  IPv6-based  threats  are  common 
enough  that  every  network  manager  needs  a 
plan  for  mitigating  them. 

“Nobody today will deny that they have to do something about viruses
or about spam,” Frankel adds. “It’s fair to say that rogue IPv6 traffic
is in this category of threats that’s going to hit you if you ignore
it.”

Experts  disagree  about  whether  it’s  best  for 
network  managers  to  block  IPv6  traffic  or  to 
enable  IPv6  traffic  for  monitoring  purposes. 

Most say that if an organization isn’t prepared to support IPv6, it
should block IPv6 traffic coming into and leaving its network using
IPv6-enabled routers, firewalls, IPSs and IDSs.

Network managers “should be creating policies...that look for IPv6
traffic and if they see it to drop that packet,” LeMaster says. “Within
their security incident manager solution they need to look at the
profiles of traffic coming into their network. They need that
visibility. If they see IPv6 traffic, they need to find out what host
it’s coming from or going to, and turn that traffic off.”

But these experts admit that blocking IPv6 traffic is a temporary
solution because a growing number of your customers and business
partners will be supporting IPv6. ■
BACKSPIN BY MARK GIBBS

Lost in LinkedIn translation


EVERY NOW AND then a press release attracts my attention not because
it is actually good but because it is just plain silly or self-serving
or specious, or all of the above.

A recent press release from the American Translators Association
concerning a survey that LinkedIn sent to ATA members struck me as
being in the “all of the above” category.

The release began: “The president [Jiri Stejskal] of the American
Translators Association (ATA), the largest organization for
professional translators and interpreters in the U.S., today blasted
the CEO of LinkedIn in a letter, calling its plea for free translation
services from the site’s own members, ‘misguided, troubling and clearly
incompatible with the operation of a for-profit enterprise.’”

Now, what this audra (that’s Lithuanian for “storm”) in a tebolli
(Icelandic for “teacup”) is all about is that LinkedIn’s survey
included a multiple-choice question: “What type of incentive would you
expect for translating LinkedIn’s site?”

The choices ranged from “I would want to do this because it’s fun”
through “Highlight your ... work [as] the #1 translator ... in
[language name]”, to “Upgraded LinkedIn accounts.” There was also a
final option, “other”, where the respondent could enter whatever they
wanted.

It all seemed innocent (“artalmatlan” in Hungarian) enough. What
LinkedIn was doing has been described as “crowdsourcing,” which, to
quote Wikipedia, is “a neologism for the act of taking a task
traditionally performed by an employee or contractor, and outsourcing
it to an undefined, generally large group of people or community in the
form of an open call.” But Stejskal was having none of it.

Stejskal exclaimed (“vzklikniti” in Slovenian): “It’s astonishing that
[LinkedIn], whose very existence is predicated on fostering
professionalism, would compromise its own professionalism by
approaching its members, hat in hand, seeking donations for a
for-profit entity.”

Now let’s consider the issues (“izdati” in Serbian) that make this
position rather odd. First, LinkedIn was only asking whether the
translators would be interested in the project, not demanding that they
participate.

There was no coercion, no threats of retribution (“punizione” in
Italian), just a “hey, would you be interested and would any of these
compensations work for you and if not, what would?” Second, I’d hazard
a guess that the majority of translators using LinkedIn are doing so
using free accounts.

But, it transpires, Stejskal was not alone in his anger (“gniew” in
Polish). It seems that translators are a relatively easily insulted
bunch and following the LinkedIn survey Twitter was soon a-tweet with
angry tweets and a LinkedIn group named “Translators against
Crowdsourcing by Commercial Businesses” was formed. There was even an
article in The New York Times about the fracas (that’s French).

It appears that the translators’ outrage couldn’t have been greater
even if you were to suggest that they are a rather easily insulted
bunch whose mothers (“moeders” in Dutch) wear army boots. What I don’t
get is exactly what they are outraged about. How can they blame
LinkedIn for asking? It’s not like other organizations haven’t tried
the same thing.

So, to the ATA, its president, and all of its incensed members who are
feeling slighted by LinkedIn’s attempt at crowdsourcing: Get over it.
Ignore it. You’re just making a iddetli firtina (“tempest” in Turkish)
in a die Teekanne (“teapot” in German).

In case translators try to track him down Gibbs doesn’t live in
Ventura, Calif. They can, however, write to him at backspin@gibbs.com.


NETBUZZ  BY  PAUL  McNAMARA 


Ringtone  royalties  are  music  to  these  ears 


THIS  SPLENDID  IDEA  inexplicably  managed  to 
raise  a  ruckus  right  before  the  holiday  weekend: 
Every  time  a  musical  ringtone  plays  in  public  — 
suggests  the  American  Society  of  Composers,  Authors,  and  Publishers 
—  carriers  should  pay  a  royalty  for  the  “performance,”  a  cost  that  would 
unfortunately  need  to  be  passed  along  to  wireless  phone  users. 

Consumer advocates and online pundits, whipped into a lather by an
unusually shortsighted Electronic Frontier Foundation, turned their
amplifier dials up to 11: “This is an outlandish argument from ASCAP,”
huffed an EFF attorney. “Are the millions of people who have bought
ringtones breaking the law if they forget to silence their phones in a
restaurant? Under this reasoning from ASCAP, it would be a copyright
violation for you to play your car radio with the window down!”

Exactly! Let’s make the “violators” pay. How does $1,000 per
“performance” sound? ... I say it sounds better than hearing
“Achy-breaky Heart” in a pokey elevator. It sounds better than another
tinny version of “London Calling,” which stopped being funny, oh, a few
million ringtones ago. ... And don’t get me started on Crazy Frog.

At  a  grand  a  pop,  how  long  do  you  think  it  would  take  before  diners 
don’t  forget  to  silence  their  phones  in  a  restaurant?  How  long  before  we 
can  watch  movies  without  an  alternative  sound  track  from  the  audience? 
How  long  before  run-amok  ringtones  don’t  interrupt  press  conferences 
being  conducted  by  the  leader  of  the  free  world?  Not  long. 

I know what you’re thinking, though: How would such a punitive system
ever be enforced and isn’t $1,000 a bit harsh?

Well, if we’ve learned anything in recent years it’s that carriers
have the technology to monitor what their customers are doing. And,
ASCAP apparently has more than enough attorneys on retainer to put some
teeth behind the billings.

As  for  $1,000  being  too  steep:  Vibrate  stays  free,  people. 

Another  pair  of  deadline-extending  dodges 

A  recent  item  about  the  Web  site  Corrupted-Files.com  had  one  reader 
reaching  into  the  memory  bank  for  a  similar  tale  that  deserves  sharing. 

Corrupted-Files, if you missed it, sells unreadable Word, Excel and
PowerPoint files to students and others who in turn submit them to
professors, bosses or clients in the hope that the files won’t be
opened — and “the problem” discovered — until they have had a chance to
actually finish that term paper or work project.

Writes Bob McNally of Worcester, Mass.: “In the ‘80s I was doing
contract programming in Z80 assembler for a company that manufactured
teller terminal systems.

“When a project was running behind and the customer needed a delivered
system, there was a manager who would write a letter for the delivery
of the software. He would then staple the 5.25 inch floppy diskette to
the letter and mail it to the customer. When the customer called about
the disk with the staple through it he would apologize about ‘the
secretary that keeps doing that’ and promises to send a new disk
immediately.

“If  the  software  was  ready  they  would  get  a  diskette  with  the  updated 
software.  If  he  needed  to  buy  a  few  more  days,  another  diskette  would  be 
prepared  by  inserting  a  small  piece  of  double-stick  tape  into  the  floppy  so 
that  it  would  not  spin  when  inserted  into  the  drive.  A  second  letter  and 
the  diskette  would  be  mailed  to  the  customer. ...  This  guy  could  stretch  a 
delivery  date  by  a  couple  of  weeks  easily!” 

Have  one  of  your  own  to  share?  The  address  is  buzz@nww.com. 